Virtualization Puts Windows in its Place
By Etay Bogner
Published: Wednesday, April 30, 2008
Virtualization is an essential new technology that is driving business benefits in enterprises around the globe. The cost savings realized by reducing the number of datacenters a business must support are dramatic, led by extended server purchase cycles, streamlined IT organizations, and reductions in energy expenses. This has been enabled by virtualization, a technology that allows hardware resources to be shared by multiple operating systems, and provides IT the agility to rapidly provision application environments to meet peak business loads. The key concept is the notion of resource sharing and the ability to execute even legacy applications on cheaper x86 server architectures.
Applying virtualization to consolidation of datacenters is only the first step towards building an IT infrastructure that can move at the speed of business. Enterprises still need to securely connect end-users to applications in the datacenter, protect confidential information from inappropriate disclosure, and reduce the rising costs of administering a diverse community of users. Endpoints, be they personal computers at home, on the office desktop or laptops in remote locations, have thus far eluded IT attempts at cost-effective control while also complicating the rollout of new business initiatives. A large part of the problem is that endpoint configurations and business uses are as unique as the job requirements of the end-users. New endpoint architectures are necessary to fully take advantage of the opportunity to evolve to an end-to-end virtual infrastructure to access data, applications and services, and to realize the full benefits of a streamlined IT organization.
Recent advances in hardware virtualization enable the sharing of endpoint resources, with tangible business benefits achieved via a streamlined IT organization and rapid mobilization of the technical infrastructure to meet dynamic business initiatives. Virtualization on the endpoint provides IT the necessary tools to isolate trusted business applications from the personal use capabilities of Windows, freeing IT to focus on the business. The impact of endpoint virtualization is unparalleled, as it allows a whole new class of application solutions to be delivered to customers, employees and business partners. The solutions are inherently more secure, easier to manage, and return significant cost savings straight to the bottom line. Endpoint virtualization extends the infrastructure from the datacenter out to the endpoint, with resultant enhancements in delivery of services to customers.
The Role for Windows
For most of us, Windows is the endpoint operating system of choice, offering a rich set of applications and capabilities that has revolutionized the role of personal computers for business. However, the demands of a vast installed base have led Windows to become a heavy burden for many business needs. Windows is a strategic platform for every business, but it does need help in critical areas to retain its importance:
- Security: Windows relies on layered security applications to protect Windows itself, and the confidential data that is entrusted to Windows environments. Windows cannot be relied upon to secure Windows.
- IT Control: it is prohibitively costly for IT to monitor configurations, upgrade software, deploy patches and maintain all of the endpoint combinations and permutations of a business community.
- Performance: application commands have to pass through multiple layers of Windows subsystems to reach high performance devices, such as network interfaces and video cards. Newer media-based applications over the Internet demand higher performance.
A new technology - endpoint virtualization - creates a secure environment on each endpoint where trusted applications can execute outside of Windows. Hardware capabilities built into standard Intel and AMD processors enable the isolation of trusted applications from the malicious attacks and performance inefficiencies of Windows. End-users retain access to the full power of Windows for productivity applications and personal use without impacting the performance or security of the business. Endpoint virtualization gives the context necessary for IT to control the endpoint as a thin client on the corporate LAN, remote access device or as a local PC depending on performance and security needs. IT can be streamlined to administer trusted applications, reducing general purpose Windows administration to a lower priority. Windows is an essential application platform that every business needs, but it is critical to complement Windows with endpoint virtualization in end-to-end environments that are driven by virtualization in the datacenter and in advanced use of the Internet.
Endpoint Virtualization
Endpoint virtualization, also known as "client virtualization," extends the advances of datacenter virtualization with performance and security features that are specifically aligned with the needs of IT in providing for the diverse user requirements for secure application access to dispersed organizations. To some extent all business applications are accessed remotely; endpoint virtualization provides secure access to the business in a manner that dramatically lowers operating costs. The technology innovation behind endpoint virtualization is an endpoint hypervisor and hardware support for virtualization by Intel and AMD to deliver the following benefits:
- Performance: the real hardware characteristics of the endpoint are passed through to the application without resource-draining context switches between "host" and "guest" operating systems. The user experience is noticeably improved with increased system responsiveness to local devices and network interfaces.
- Security: hardware support for virtualization isolates trusted business applications outside of Windows, allowing data and executables to be significantly immune to infections on the endpoint. Business applications such as browsers or personal firewall security executables are not dependent on trusting the integrity of Windows.
- IT control: IT processes are effectively streamlined by simplifying the challenges of configuration management, security profile administration and performance for future services to the organization. A single easy-to-manage endpoint infrastructure supports rapid deployment of end-user environments for home, office and remote uses. IT does not have to expend critical resources supporting endpoints that have shared uses.
- Hardware compatibility: Windows, Mac OS and Linux-based applications execute unmodified. Endpoint virtualization applies pass-through intelligence to assure that the operating system interacts directly with the hardware when necessary.
Endpoint virtualization is the critical technology to extend the business infrastructure beyond the corporate firewall. With an architecture that executes trusted business applications outside of Windows, endpoints are no longer merely add-ons to the computing infrastructure. The benefits of endpoint virtualization allow IT to streamline operations, with less IT resource devoted to endpoint security, application agent deployment, and end user support. Endpoint virtualization is the appropriate infrastructure strategy for endpoints both inside and outside of the corporate security perimeter.
The Open Source Movement
Tremendous flexibility and breadth of technical architecture is required to sustain a diverse user community. Every user seems to have favorite vendors, applications and devices that IT supports to move the business forward. The traditional approach is to submit feature requests to the infrastructure vendor and then wait until that vendor supports the requested enhancements. The open source movement is changing the model of total reliance on a single vendor, with significant gains to the business. Open source encourages the user community to share changes made in the source code, ensuring that organizations gain faster introduction of new features.
Open source has been behind many of the advances in endpoint and datacenter virtualization. Open source is a proven approach that has allowed new technology to rapidly develop enterprise class features. The most common examples of successful open source movements are in the Linux operating system, the MySQL database, and the Xen hypervisor for virtualization. With the ever-changing variety of endpoint devices to support, the open source community can provide an endpoint virtualization infrastructure that gives your business a sustained competitive advantage.
- Community: organizations can take advantage of an extended labor pool for software modifications and enhancements. A central body is responsible for central support, quality assurance and distribution of enhancements contributed by the user community.
- Extensible: Relief from proprietary technology. Businesses can better control their own technical destiny with open source. Enhanced features can be found on the Internet, and some enterprises may choose to modify portions of the endpoint virtualization source code to meet their own unique requirements. Interoperability across platforms and architectures is one of the first benefits enterprises realize from open source movements.
- Costs: license and support costs are sharply reduced with open source products, since development is distributed across the open source community. Expenses saved in open source projects can be put to work to improve other areas of the technical infrastructure.
The open sharing of source code provides the business leverage of an extended force of experienced labor yielding accelerated exposure to new features. With the ever-changing variety of endpoint devices to support, the open source community can provide an endpoint virtualization infrastructure that gives your business a sustained competitive advantage for years.
Conclusions
New endpoint architectures are necessary to fully take advantage of the opportunity to evolve to an end-to-end virtual infrastructure to access data, applications and services without forcing changes to end-user experiences. The business demands the flexibility to share critical resources with significant improvements in cost savings, service delivery and security. Virtualization is the technology that fuels these streamlining efforts.
The approaches of application and desktop virtualization cannot solve all the complex performance and security needs of the endpoint. Endpoint virtualization isolates the business application from the performance and security issues of a layered Windows application so that professional use of the endpoint for corporate business can be safely shared with other uses. The technology is uniquely focused on the needs of the endpoint for I/O performance and relief from vexing endpoint security issues. Endpoint virtualization is enabled by the open source movement for the hypervisor and advances in hardware support for virtualization by Intel and AMD.
The cost savings for controlling secure endpoint access to business applications are substantial. The technology exists, is proven, and is backed by major technology vendors. We have seen the sharing of applications on servers, and the sharing of datacenter resources for desktop applications. The natural trend continues with the secure sharing of personal and various professional uses in endpoint virtualization. Together, endpoint virtualization enhances the ability of IT to offer enhanced business services by extending application and desktop virtualization infrastructures.
Your organization's virtualization program needs to include a strategy for virtualizing the endpoint. Endpoint virtualization provides the common infrastructure necessary for IT to introduce virtualized applications and desktops without disrupting the user experience. End-users still run Windows for personal use and certain productivity applications, but trusted applications such as browsers or security software can now efficiently execute outside of Windows. Select a specific business application for endpoint virtualization to measure the Total Cost of Ownership savings, and enhancements in business service due to streamlined IT processes. Virtualization in the datacenter is not the total answer - it is most valuable in conjunction with enhancements to the endpoint infrastructure.
Etay Bogner is Co-Founder and Chief Technology Officer for Neocleus. Etay drives the company's product vision and technical direction. As a networking and security industry veteran, Etay brings extensive expertise and market understanding to his role at Neocleus. This is Etay's second entrepreneurial venture. Check Point Software Technologies acquired a majority share in Etay's first company, SofaWare Technologies Ltd. After founding the company, Etay served as managing director of SofaWare Technologies. In addition, Etay has held technical positions at BackWeb and other Internet, networking and security companies.