Apple to put VDI and Terminal Services to the Lions and hail client hypervisors?

Apple have released their latest OS version. There are over 200 new features including autosaves, versioning, multi-touch gestures, access to the Mac App Store, and multi-user screen sharing. But Apple have not only changed the look and feel of the new, and significantly cheaper, OS; they have changed their license terms as well.
One change is the inclusion of a clause allowing you to run multiple instances of the OS on your own device. This is similar to a clause in Microsoft’s Windows 7, and it is a license feature that would sit well with a client-side hypervisor solution – giving administrators centralised control and management of end-devices. In the Panther and Leopard releases, Apple added features to allow fast user switching and screen sharing: possible precursors to a native Terminal Services function. For some enterprises, a virtual Mac OS X environment would be a desktop Nirvana: giving access to Mac-only applications on-demand without having to supply Mac hardware on a one-to-one basis.
Does the multi-user screen sharing function provide a native Mac Terminal Services solution? Will Lion allow you to virtualize the Mac OS to take pride of place in your desktop delivery strategy and finally maul Microsoft’s Windows dominance?

Lion Tames Mac VDI

At first, everything appears good. In Section 2,B,iii:
(iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software.
The grant set forth in Section 2B(iii) above does not permit you to use the virtualized copies or instances of the Apple Software in connection with service bureau, time-sharing, terminal sharing or other similar types of services.

With Lion, Mac users can run up to two additional copies of OS X Lion or OS X Lion Server for each install of Lion on Mac hardware. Mac users get a function that has been available in Microsoft Windows 7 – that’s an unusual bonus. It is important to note that this can only be achieved on a Mac device that is already running Apple Software: therefore a ‘type#1’ client hypervisor solution (such as BareMetal, NxTop and XenClient) is not going to be an option for managing this.

This reduces management options, to be sure; however, the license wording gets more serious in Section 2H:
2. Remote Desktop Connections.  Subject to the terms and conditions of this License, when remotely connecting from another computer or electronic device (each a “Device”) to an Apple-branded computer that is running the Apple Software (for purposes of this Section, such Apple-branded computer is referred to as the “Home Mac”), whether through the Screen Sharing feature or through any other means:
(i) only one (1) Device may remotely connect at any one time, whether directly or indirectly, to control the graphical desktop session of the Apple Software that is running and being displayed on the Home Mac; and
(ii) a reasonable number of Devices may remotely connect at the same time for the sole purpose of simultaneously observing the same graphical desktop session of the Apple Software that is running and being displayed on the Home Mac, as long as they do not control the Apple Software in any way; but
(iii) only one (1) Apple-branded Device may remotely connect at any one time, whether directly or indirectly, to control a separate graphical desktop session of the Apple Software that is different from the one running and being displayed on the Home Mac, and such connection may only be made through the Screen Sharing feature of the Apple Software.

Except as expressly permitted in this Section 2H, or except as otherwise licensed by Apple, you agree not to use the Apple Software in connection with service bureau, time-sharing, terminal sharing or other similar types of services. You also agree not to use or offer the Apple Software, or any of its functionality, to provide service bureau, time-sharing, terminal sharing or other similar types of services to third parties.
If you were to consider pushing a Mac desktop out to thin client devices, this isn’t going to be possible. You need a Mac device in order to connect to the service. More importantly, while users are permitted to run one or two virtual Mac instances on each physical Mac, this wording means that Presentation Virtualisation style environments would not be available using Lion – screen sharing is for viewing only, not interaction.

Impact on Vendors?

A number of desktop virtualisation vendors have spoken about offering solutions to deliver a centralised desktop service around the Mac OS. At this year’s Citrix Synergy there was talk of Citrix working on a Mac service: XenClient briefings regularly allude to a XenClient offering running on a Mac. VirtualComputer had considered suggesting using their client-side hypervisor NxTop to sit on a Mac device. And then, there are those who are not just talking about it – they’re doing it. Aqua Connect has developed the impressive Mac Terminal Server – a hosted session solution built on the Mac Server OS utilising Microsoft’s Remote Desktop Protocol (RDP), which we’ve discussed previously.
Microsoft have licensing policies that make desktop virtualisation environments more complex to license, but Microsoft recognises that supporting such services drives license take-up and maintains high levels of use and (re)adoption. That said, Microsoft are primarily a software vendor.
Apple, on the other hand, makes considerable profit from the sale of hardware: allowing their OS to be run on non-Apple devices is not going to drive sales of hardware.

It’s not about the desktop – it’s about the data?

Perhaps more importantly, Apple’s goal could be said to be a cohesive OS environment across devices. By standardising OS features and focusing on a 1-user/device model, Apple can keep its code base focused on delivering a consistent user experience, regardless of device type. And indeed, encourage different device types for different settings: why have an iPhone or an iPad – why not have both? Users interact with their applications and data in a consistent manner; and at the same time, Apple doesn’t waste development time adding in multi-user features to their server OS, and writing gesture code that will operate effectively over a remote protocol.
This is great for Apple, gives a good consumer experience – but how does it impact an enterprise desktop strategy?

Is Apple to iTune in and AirDrop out of the Enterprise?

In terminating the possibility of deploying multiple instances of virtual Mac OS X environments in a corporate environment, it’s highly unlikely your virtualised desktop Skynet will be delivered with a Lion interface. You have to ask – do Apple care?
There were a number of suggestions that with the move to Intel hardware, virtualisation would allow Mac devices to be more widely used in the enterprise (albeit to run Windows applications). Apple devices are widely cited as being the device of choice in BYOD projects: but typically as a thin client. Citrix and Virtual Computer have both toyed with Mac device client-hypervisor support to allow you to use the full power of the Mac device. Yet, the existing EULA states if you need off-line access you have to utilise a solution that operates on top of the Mac OS, such as MokaFive or Parallels Desktop for Mac.
In creating a revolutionary smartphone and application buying experience, Apple have discovered a revenue generation model that does not need to rely on selling into corporate accounts. There is no need for Apple to deliver services to support a terminal services or virtualised desktop environment. Indeed, you have to consider if Apple will increasingly focus on portable form-factors and let go of their “traditional” Mac devices.
There may well be over 200 features in the new OS, but Lion is not the release to make Apple a desktop OS that is lord of the jungle of corporate desktop solutions.

15 replies on “Apple to put VDI and Terminal Services to the Lions and hail client hypervisors?”

  1. …but that is of course, not to say that Macs won’t be used and can’t be managed.. as this very recent example shows: http://bit.ly/pQczcu .. but I spoil my own follow-up really.

  2. Good article Andy.
    I wonder if Apple would count dual boot as “already running Apple software”?
    Any lawyers out there? Or have you heard directly from Apple that they are explicitly trying to preclude running on a type-1 hypervisor?
    Kind of a shame as the OS looks like it would virtualize quite well and probably better than Windows.
    Dan McCall
    CEO, Virtual Computer

  3. Dan, I haven’t heard directly that Apple are purposefully excluding type#1 – but I judge from the license agreement that this isn’t something on their roadmap. Apple’s focus I believe is on the consumer space: fine. But even in a consumer market the high value of their devices means that often they’re aspirational devices.
    I think a drive for type#1 vendors would be to work with major hardware manufacturers to offer a pre-OS management environment. At the moment, VirtualComputer takes the lead with that with their Lenovo link-up. It will be interesting to see where further links up develop.
    A major value #1 can offer (I think) is with similar services (or tie in with) the functions that (say) Absolute give – management beyond the OS – but with data & application management, attached device and data security.

  4. People seem to be missing a key point here – we’re all looking at these changes in terms of how they affect our ability to apply established virtualisation and TS doctrine – but also consider that these EULA changes put Apple in a perfect place to provide cloud (iCloud?) hosted OSX desktops, accessible via iPad, or even Apple TV units. Tie users into a subscription model to access their personal cloud hosted OSX desktop, via a common Apple login that gives access to all their appstore purchased applications. Overnight ecosystem without the massive buy-in costs or risk traditionally associated with migrating to Apple. What they lose in upfront Mac sales, they make back in subscription revenue and market control (no option to install software other than via the appstore!).
    There is also the option for localised VDI deployments (private cloud) – Think about it – Deploy a couple of Mac Pros, or a rack of Mac Minis as VDI hosts at your branch office – stick an AppleTV type appliance (or an ARM processor equipped Cinema display?) on every desk, and use them to connect to OSX VDI sessions running under Lion server. Much cheaper than deploying full Macs to every desktop (totally unnecessary for the majority of task and knowledge workers anyway) but still locks companies into Apple’s ecosystem.
    Expand on this by using pooled processing resources via Grand Central Dispatch to cope with intermittently required but more demanding workloads, and it starts to look very viable indeed.

  5. Phil,
    I’m shaking my head so much here, I’m in danger of whiplash.
    These EULA changes only promote a virtualised desktop instance of a Mac OS running on Mac hardware delivered to Mac clients. That’s not virtualisation at all – that’s just remoting. Apple users are being tied into a model around this for sure with iCloud as-is: adding a desktop service is an unnecessary expense on Apple’s behalf.
    If Apple truly wanted to reduce the ecosystem expense they’d not have created an EULA that hampers the great work innovative companies (such as AquaConnect) are doing. By forcibly tethering the Apple OS to Apple HW and by being the only supplier – the opportunity for competitive growth is fundamentally removed. There is a Windows Terminal Services market because Microsoft allowed (and allows) other organisations to operate in that space.
    I have thought about private deployments. Again – it doesn’t work. The model you suggest is (again) fundamentally disallowed by the EULA. The model you describe can’t be achieved. I quote again:
    “a reasonable number of Devices may remotely connect at the same time for the sole purpose of simultaneously observing the same graphical desktop session of the Apple Software that is running and being displayed on the Home Mac,” …and here is the important part ” as long as they do not control the Apple Software in any way;”
    The multi-user capability is for sharing a desktop *view* only: so negating the environment you’d like to achieve.
    Lion is likely a great OS. Apple are a big company – but their latest EULA of the OS removes the methods of 3rd parties to develop desktop delivery solutions based on the Apple OS to “type#2” hypervisors only.
    If Apple started to deliver such services, with the existing EULA in place I’m sure there are governments’ anti-monopoly who will swing into action.
    If – and this is the big thing imo – Apple’s desire is to push into the corporate space. I don’t think it is.

  6. Of course it’s not the full story just yet – perhaps we should focus less on the EULA (which is easy for them to change at will) and more on the fact that the technology is now clearly there within the core of OSX to facilitate a variety of moves should Apple decide to make a tentative push in that direction. Virtualisable OSX instances, simultaneous desktop logins, remote access etc.
    Apple have never been about supporting a partner ecosystem – they are all about first party control. The fact that they are going to such lengths to control legitimate TS and VDI like functionality within OSX via licencing restrictions while simultaneously introducing the underlying technologies to support it is typical behaviour – they don’t want anyone providing a half baked version of their “vision” – and so suppress it until they are ready to deliver (and capitalise) on their terms.
    In regards to anti-monopoly laws, to my knowledge no-one has successfully won a case to defend the right to install the basic desktop version of OSX on non-Apple hardware, so I don’t expect any virtualisation or session desktop software or service solution vendor will be able to convince a judge that they should be allowed to host a virtualised or multi-tenant server side variant – there’s just too much complexity in the legals to be worth going up against Apple.
    I don’t believe Apple are attempting to recreate the corporate Terminal Services market – their focus of late has all been on the end user market. Given the slowly growing pressure on their impressive margins from Google (via Android) et al, it makes sense for them to consider how they will tackle the next step in desktop evolution – i.e. wider adoption of cloud hosted desktops (not just data), all accessible via TVs, iPhones, iPads and the like.
    It seems to me that they already have a perfect “in” through otherwise uninspiring hardware lines like the Apple TV (Apple badged endpoint remember!), that could be rapidly leveraged via an iOS app to provide a perfectly acceptable cloud desktop service. Local enterprise VDI would be a possible extension of such a move, but that’s more about me wishlisting than a likely business direction!

  7. Andrew, there are innovative technologies available today that deliver the full benefits of virtualization and enterprise class infrastructure to Mac users.
    Consider “OPUS” from Orchard Parc – a fully secure, mobile “Virtualized Mac User Persona”. OPUS can be delivered via local servers or the cloud, and is 100% Apple EULA compliant. And it supports both Lion and Snow Leopard.
    OPUS’ patent pending technology provides a “follow me anywhere” personalized Mac user desktop that can be accessed from any Mac. OPUS is launched and supported using enterprise class virtual infrastructure such as VMware, XEN and Amazon Cloud Services. This provides Mac users the full benefits of virtual infrastructure including high availability, dynamic resource scheduling, off site disaster recovery, fault tolerance and automated backup using commodity server platforms. This provides an elegant high performance upgrade and migration path from X Servers.
    The solution leverages UNIX based distributed computing to optimize performance, reduce server infrastructure requirements (less than 1/20th the servers of VDI) and significantly reduce network bandwidth requirements. It is so efficient that users can enjoy a full graphics desktop experience over LAN, WAN and even WiFi connections. And this includes launching graphics intensive apps such as video games over a WiFi connection.
    OPUS provides central IT administration and management over user profiles, IT policies, applications, data and content. The user receives a secure, corporately controlled Mac desktop and a full local desktop computing experience. Data can be maintained secure behind the firewall, or distributed to support mobile and off-line use.
    With OPUS, IT admins can deliver and manage Mac, Windows and Linux apps to Mac users. And since Windows executes locally (uses any Type 2 hypervisor for Mac – Fusion, Parallels, V-Box), there is no need to re-licence as there is with server hosted VDI. Applications can be launched locally, or streamed from the server, but always execute locally to take advantage of local computing resources.
    The solution is ideal for companies that need to support mobile knowledge workers, considering BYOC, or schools and organizations that wish to lower desktop costs, enhance security, and support best of breed apps on a single device. OPUS can provide a fully managed, secure desktop, deliver Windows business apps, and do so at a fraction of the infrastructure expense of VDI.
    And OPUS is available now.

  8. Derek,
    I’d not come across Opus before – and I read through the information with interest. I look forward to understanding more on that: some of the technologies you mention (e.g. follow me anywhere) have taxed many (e.g. even Apple struggles with a viable service for delivering a consistent view of your iTunes purchases between devices).
    I’m not sure on your point about “no need to re-licence as there is with server hosted VDI”: if you’re deploying Windows via a #2 hypervisor, there needs to be an MS license bought somewhere.
    But, as I say – I look forward to understanding more.
    Phil,
    I’d agree – Apple aren’t attempting to recreate the corporate Terminal Services market – because their focus (not just of late – but like … forever). Arguably this impacts organisations who want to deploy a mac desktop, but can’t afford the hardware. Like I say – does Apple care? I think the answer is “no”.

  9. Good points all.
    Let me comment on a few items:
    First, Apple presumably wants to sell hardware so don’t expect to run OSX on thin clients or cheap knock offs. The EULA prohibits this anyway. They cannot sell the OS as Microsoft does with Windows as it is based on open source. They can sell support upgrades however.
    Second, every Mac has identical (or nearly so) hardware and Operating System. No DLL Hell in the world of Mac. This is a good thing.
    Third: innovative solutions such as OPUS deliver the benefits of desktop virtualization but do require a Mac endpoint. The offset is a massive reduction in backend server storage and network infrastructure expense, and of course, the associated complexity and data centre.
    VDI just does not work for mobile users, and laptops are the bulk of Apple’s Mac sales today. The Mac can run Windows and Linux as virtual machines which is proven, reliable and high performance technology. Lots of support and productivity benefits too.
    And last, any client considering VDI has existing Microsoft desktop licences. If they migrate to VDI they must re-licence. The existing licences are not valid for server hosted deployment. With OPUS, all applications execute on the Mac, not on the server. They can be locally installed as either direct installs, or as virtual machines, or streamed from the server to launch locally.
    Deploying Windows on Mac does not require a re-licence of the Windows desktop licence. But, you still need a licence. (don’t get me in trouble with the licence police!)
    Apple does not provide any multi-seat management, control or administrative capabilities for Windows on Mac.
    Fortunately, OPUS does.
    Look forward to speaking with you in person.
    All the best
    Derek

  10. I’ll give you your due Derek – you’ve definitely made use of the platform to highlight your product 🙂
    I’ve heard on a number of occasions the XenClient team pushing the fact that they can put a client hypervisor on a Mac device. The problem here is (I believe) this contravenes
    “use the virtualized copies or instances of the Apple Software in connection with service bureau, time-sharing, terminal sharing or other similar types of services”
    A client hypervisor allows agentless management of devices – not just the OS, but the facility to make use of services to manage the OS & apps, but to backup user data. Yet, it does rely on you having a virtualised copy, or instance of the Apple OS.
    Perhaps a get-out is to only manage the non-Mac instances if you need a CsHV – or do something else.

  11. Hey, thanks Andrew 🙂
    I appreciate the forum to help educate others on what we and other innovative organizations are doing (well, mostly our team and solution). Typically, VDI means Citrix or VMware. And most readers of your forum would agree that those solutions while very good and valuable, do have gaps.
    Innovative technologies such as ours and from companies such as I-Peak Networks and GridCentric (all from the Toronto based MARS DD innovation center) are delivering new solutions that aim to solve these challenges.
    We focus on mobility and centralized automation for Mac and Windows; GridCentric offers very interesting technology to deliver improved memory management and performance for VDI. iPeak has very good video acceleration and performance enhancing technology.
    The Apple EULA is clear: cannot run on non Apple hardware. Their product, their rules, which is fair enough. One of the advantages of a single vendor PC solution is the reliability and support Apple offers, and the consistency of the platform. I suppose if you want or need to pick low cost or build your own hardware then you can use Windows or Linux. Ultimately, the choice is yours.
    As with VDI, the Apple platform is not perfect. Lots of gaps but also lots of value for a user and the enterprise (i.e. school, hospital, SMB or Fortune 1000). We have developed software to fill those gaps and try and solve some of the challenges.
    All the best

  12. “First, Apple presumably wants to sell hardware so don’t expect to run OSX on thin clients or cheap knock offs. The EULA prohibits this anyway. They cannot sell the OS as Microsoft does with Windows as it is based on open source. They can sell support upgrades however.”
    Er, Apple’s not licensing Mac OS for non-Apple hardware has NOTHING to do with any open source bits that are in Mac OSX – if there was a conflict with Open Source and “selling” then bundling it with the machine and restricting it to use on the machine only would be just as big of a “no no”.
    “Second, every Mac has identical (or nearly so) hardware and Operating System. No DLL Hell in the world of Mac. This is a good thing.”
    While Apple controlling the hardware does keep driver problems to a minimum, .dll’s have more to do with Microsoft’s operating system design than hardware (and I’d throw the registry right in there as a close second to .dll “hell”). The trade off, as a long time Mac user, is key components like video cards get updates that are few and far between. Thankfully there are enterprising groups (netkas) who have figured out how to reflash some “Windows only” video cards, but the lack of hardware diversity can sometimes be frustrating – even while enjoying the stability it brings.
    “And last, any client considering VDI has existing Microsoft desktop licences. If they migrate to VDI they must re-licence. The existing licences are not valid for server hosted deployment.”
    It depends on the licensing they have (OEM, Retail, Volume?) and if they have software assurance or not. And also how and from where their users will be accessing their VDI infrastructure.
    “Deploying Windows on Mac does not require a re-licence of the Windows desktop licence. But, you still need a licence. (don’t get me in trouble with the licence police!)”
    If OEM you need to re-license. Retail licensing you may not. Volume licensing has some restrictions but you are pretty safe. Unfortunately, especially in business environments, there is lots of retail and OEM licensing out there!

  13. Fair points EricE – but in the context of Terminal Services, or Remote Desktop Session Hosts you do need an additional license, an RDS Client Access License which is available on a per user or per device basis.
    Desktop OS licensing is different for sure, but not rocket science https://www.virtualizationpractice.com/licensing-vdi-for-microsoft-desktops-is-it-rocket-science-9389/
    Ultimately I think, Apple is a hardware company that uses software to sell its hardware; Microsoft a software company that uses hardware to sell its software.
    In terms of RDSH/Terminal Services/PV you can’t “use software to sell hardware” as you open yourself to lose control of any symbiosis.
    Which is a pity, as Aqua Connect’s solution is an enabler to the mac experience. But when you’ve punters queueing round the block to blow another $500 on a device: is that something you’re going to be fretting about?

  14. “Fair points EricE – but in the context of Terminal Services, or Remote Desktop Session Hosts you do need an additional license, an RDS Client Access License which is available on a per user or per device basis.”
    And for VDI you need either SA on a qualified Windows OS, or a VDA subscription, both of which are device only. There is no surprise there, Microsoft licenses their server software and connections to it.
    “Desktop OS licensing is different for sure”
    You say different, I say PITA :o)
    “Ultimately I think, Apple is a hardware company that uses software to sell its hardware; Microsoft a software company that uses hardware to sell its software.”
    Actually I think that’s selling Apple a little short. Apple is an experience company that uses hardware AND software – as well as their retail stores and support to sell that experience. It’s why the iPhone and iPad are runaway hits despite a plethora of devices that have similar hardware specs and that are much cheaper. With PCs, the mind-share and “bar” if you will was already set. Apple pretty much created the mainstream perspective of a smartphone. Yup, I realize smartphones existed well before the iPhone – I had a Windows phone for years before the iPhone was even rumored, and before that various Palm devices (before USR bought ’em). The experience was miserable – there’s a good reason that only geeks used that stuff. Palm was good, but it was tethered to your computer and you were an island when not around it. Windows Mobile sucked at everything so bad I pretty much used it mainly for email and phone calls, and I don’t even like talking on the phone! The iPhone was groundbreaking because it wasn’t targeted at developers (Windows Mobile) or carriers (pretty much everything else) but end users. And it wasn’t targeted as a technology offering (specs, features and gadgets) but as an experience (the internet in your pocket!) – and it resonated.
    Sorry for digressing, but it really rubs me when people try to discount Apple as “just” a hardware company or only successful because of marketing and iSheep – you don’t have the kind of success Apple has by not having something concrete driving it. Anyway…
    “Which is a pity, as Aqua Connect’s solution is an enabler to the mac experience. But when you’ve punters queueing round the block to blow another $500 on a device: is that something you’re going to be fretting about?”
    I’m not sure what you’re saying here. Yes, it’s annoying that Apple doesn’t have a more friendly virtualization stance (as well as server too – especially since they killed their redundant/rack mountable Mac server) but in the end I don’t think Apple cares because they realize the market is shifting. The desktop is dead (long live the desktop!). People don’t ultimately care about desktops – geeks do, but we’re not everyone – and remember the Internet is infested by geeks so we tend to think we are more important and influential than we are! To most people, computers are a means to an end. And if a mix of web services, mobile devices and whatever “the next big thing” is will do what they want, that’s where the dollars will follow.
    Don’t believe me? Just look at the dichotomy between the derisive labeling of the iPad – from day one – as a “media tablet” by industry hacks, contrasted with the steady flow of applications and content that are created on the iPad where the iPad is a primary device. Could I work on the iPad as a primary device? Nope. Could 50% of the population? Probably a lot more easily than we would like to admit.
    I mean, let’s stop and think about why we care about VDI or RDS? To get to *Windows* applications. What if Windows applications are no longer important, or we cross the tipping point where they are a minority requirement for most users? That’s what I’m watching with interest. I think Microsoft senses this – just take a look at the recently announced Office pricing for home users if you think I’m way overreaching…

  15. Ah, you’ll notice I never said “just a hardware company” – because if I did, it’d not only be not true, there’s the possibility of a whole load of people standing outside of my house with burning pitch forks (albeit nicely designed, expensive pitch forks)… although given the torrential rain at the moment – that’s not going to be an overly pressing problem, should they actually be able to find my house.
    What I was intending, with reference to AC, is that I think there is benefit in competition. Having an alternative to a Windows OS and Windows Apps set is A Good Thing. Will it come from “the web in a browser” – not any time soon. Will it come from Linux – unlikely. Could it come from Apple. I don’t think so: I think so even less now because a barrier to that experience is the cost of the hardware. If there is a way in which that can be reduced that would have been good. Here is a benefit of RDSH/TS, you can deliver apps (and data) on relatively low cost devices. But we’ve discussed already why that won’t happen.
    VDI or RDS to “get” Windows apps? For sure in the main that’s what they are for, but it doesn’t have to be that way. Aqua Connect has an option (albeit for pre 10.7 versions of OS X), Ulteo has an open source environment that supports Linux…
    But the fact of the matter is – there are a larger amount of Windows apps available and that’s not going to change any time soon and no matter how much I harp after alternative with misty eyed fondness that’s not going to change.
