Citrix XenClient Enters the Ring

Citrix have finally made their much-touted bare metal hypervisor for desktop devices – XenClient – available for download. This release closely follows Virtual Computer, the market leader in distributed desktop virtualization, announcing the availability of NxTop Connect. And indeed, only recently Neocleus, makers of NeoSphere, signed a technology licensing agreement with BigFix, a leading solutions provider.
Both Virtual Computer and Neocleus are small organizations in comparison to Citrix: why would Citrix extend their wide virtualization portfolio to include a bare metal hypervisor for desktop devices? What features would be necessary to make such a service viable? Where is Citrix’s normal sparring partner VMware? Could such a solution help organizations deliver their IT services more effectively?
Why is a Bare Metal Hypervisor for Desktop Devices Useful?
A core problem in managing distributed computers is that the workspace is tied to the device: the applications are tied to the operating system, the operating system is tied to the device and the user data is melded in there too. While it is relatively straightforward to separate out the applications and the user data, extracting the operating system is harder. An operating system requires specific device drivers to interact with various hardware components – be it the video card, the network card, or the motherboard. Change the device – because you need a newer one, because a desktop needs to be a laptop or vice versa, or because a Dell laptop is replaced with an HP laptop for whatever reason – and the operating system build needs to change.
Of course, you can deploy a Desktop Virtualization and/or Presentation Virtualization environment to resolve this. But such an environment needs data center infrastructure to host the virtual hosts/sessions. This is an expensive undertaking, and it is not always possible to use these services to serve all your users: mobile users who need off-line working, for instance. Moreover, the user experience – especially for intensive processing or graphics – can be difficult to deliver without using local client resources.
With a bare metal hypervisor on the client device you can make use of centralization technologies to reduce management costs of your infrastructure, while at the same time being less dependent on binding the operating system to the device directly. A virtual host is delivered directly to the device and can be run using almost the device’s full resources. This reduces the hardware required in the data-center to host virtual machines and allows devices to be used off-line.
This is of greatest benefit when supporting laptop users, whose devices have long caused IT managers to want to throw in the towel. Laptop builds give you a number of headaches:

  • Maintaining a standardized image – often one device doesn’t suit all users: supporting different models is cumbersome in terms.
  • Deploying updates & changes – as they’re for mobile users, it figures that those users are not always in the office.
  • Providing a backup/restore function – mobile users are often on the road and more likely to fall foul of losing or damaging their device. Devices can be replaced; without a backup, data cannot.
  • Securing the end device – in which case it’s important to ensure that the data stored on the device is encrypted and that the end device can’t readily be used to connect to your network unknown to the authorized user.

Yet, the benefits are not simply for laptops – with a bare metal hypervisor you can:

  • deploy a standardized image to end devices – regardless of that device – be it a laptop, a standard desktop, a blade – your devices could be managed from a central location with common builds – across the estate.
  • monitor and manage a workspace outside of the operating system – it’s all very well having an agent that operates within the OS to provide updates and management when the OS is working; but having a bare metal hypervisor can allow you to offer management functions in the event of a failed OS, possibly to allow deployment to a new device.
  • run multiple workspaces on one device – excellent for testing, or development, providing access to different services (e.g. two workspaces during a merger) from the same device.
  • enable virtualization without a data-center – hosting desktop sessions in a data-center can be a costly undertaking – a bare metal hypervisor allows you to utilize distributed computing while making use of the management and reliability savings virtualization is able to deliver.

Why The Importance all of a Sudden?
Why would Citrix extend their wide virtualization portfolio to include a bare metal hypervisor for desktop devices? Because, while they can allow access to existing devices via their XenDesktop agent, while they can deliver high density workspaces on servers using XenApp, while they can provision virtual and physical devices with Provisioning Services … delivering and managing a device that could operate both on, and off, the network – that was a missing piece.
Virtual Computer and Neocleus have understood this – and delivered a solution. Both Citrix and VMware realize the potential.
Yet, while the advantages to your organization are plentiful, bear in mind that not all end devices support this technology. Citrix XenClient has been released with less than a dozen ‘fully tested’ devices – mainly from Dell and HP. Virtual Computer have a more extensive list – and a utility that can determine if a device is suitable. Both have a similar core requirement but neither, yet, supports AMD chipsets.
A bare metal hypervisor is a service that is incredibly useful – but it may require you to replace existing user devices with hardware that supports the core technology.
So, this is a Facilitator for BYOC?
To be fair – yes and no. A bare metal hypervisor solution requires that you wipe the existing device in order to install the hypervisor client. Sure, you can stipulate that only compatible devices are ‘supported’ (although, as discussed, at the moment that’s a limited range), and sure, you could take an image of the device “before” and enable it after: a benefit of this technology is to support multiple operating systems. But now, who ‘owns’ the core management of the device? The business? The BYOCer?
Would you trust that device if the user has control or access to the hypervisor console? Would your user trust you not to blow away their laptop with their hard-fought Call of Duty scores saved on it?
For BYOC a better option for using local devices would be to use a solution such as Moka5 or VMware ACE. Here, the virtual machine runs in an environment hosted within an existing operating system. BYOC may absolve the organization from purchasing a specific device – but you still have to deploy a service that users can connect to. An advantage of such solutions is that you don’t have to radically change the existing environment.
On the other hand, a bare metal hypervisor offers advantages over those that rely on an operating system:

  • Improved Security and reliability – because the image is not running on top of an operating system that may, or may not, be properly secured and maintained.
  • Improved Performance – as the resource demands of a bare metal hypervisor are less than that of a type 2 hypervisor + local operating system
  • Reduced Management – if you are managing the devices yourselves, you don’t need to be concerned about maintaining a host OS, because the host OS is the core type 1 hypervisor – a very different beast to a traditional desktop OS.

Thus, while bare metal hypervisors for desktop devices can be used in a BYOC service, they may currently be more limiting in terms of management and choice of device than the alternatives.
Is a Hypervisor Enough?
Citrix XenClient is, of course, the client component – the bit that sits on the tin. Obviously, that client is only useful when it’s got something to run – such as a virtual machine.
In deploying such a client, what other functions would you need to deliver a viable service to users? The sum is only as good as its parts. It should be more than an imaging service – it should be able to:

  • Backup & Restore user data – your data is your most important asset – this service should protect that.
  • Revoke access to device – you no longer employ this person; you’ve lost the device: how do you prevent access?
  • Revoke access to an image – perhaps you don’t control the device – but you should at least control access to your corporate desktop
  • Encrypt remote image – your data is your most important asset – this service should protect that; it’s on a device outside of your network.
  • Deploy applications to remote users – this solution is primarily about mobility: what is the saving if your staff have to return to base for updates as before?
  • Remotely update the core client – a hypervisor is an operating system: it’s less likely to change – but change is a constant – how will you be able to manage that?
  • Collect Diagnostic information from the device – the advantage of a client device hypervisor is that it can provide diagnostics of the virtual hosts themselves – but how do you retrieve that information and how is it displayed?
  • Easy migration – can you convert your existing desktop images, or do you have to start again?
  • IT or user select OS/application – this is perhaps the most interesting consideration. The Company provides you with the funds to purchase your own laptop, The Company permits you to install your own OS. For a developer, for a tester, for a home user this may well be a boon. Yet, what functions and security are available to ensure a separation between the different operating systems running on that device? Is it possible for a home image to utilise resources on a work image? If so, what risks are exposed to your corporate environment?

A client side hypervisor has the capacity to be a powerful tool – there will be a temptation to create a number of features that are incorporated into the core hypervisor: firewalls, anti-virus, intrusion detection, virtual networking. Yet the advantage of such a light core operating system is lost if it becomes a bloated operating environment with a cost of ownership that matches the environments it hosts.
Where is VMware?
It was suggested that VMware’s anticipated View 4.5 release, reportedly released Q4 2010, would include a bare metal hypervisor for desktop devices. We understand this is no longer the case. In fact, you can read about their decision on VMware’s own blogs: http://blogs.vmware.com/view/2010/05/real-byoc-and-view-client.html
In that article, VMware have a valid point: as I’ve already mentioned, bare metal hypervisors for desktop devices aren’t a great enabler for a BYOC service. While I personally disagree with the suggestion that staff can be recruited or retained solely on the availability of a BYOC model, the functions of the service can be useful.
Yet, this service is not a BYOC solution. This is a solution to negate needing different image builds on end devices while using the resources on that end device: this is a solution to change the way you deliver desktop services and reduce costs, yet not have to rely on a centralized data center infrastructure.
Should I buy it, or hold off a while?

Excellent question.
What do you need to do? This is a technology that Citrix offer more as a ‘laptop solution’ – but one that both Virtual Computer and Neocleus have realized can be a more comprehensive desktop solution.
Virtual Computer appear to have an edge on providing a client and management interface for now, but given XenClient’s appearance Virtual Computer need to capitalize on their Hyper-V solution and better publicize their supported device list; possibly even offer a ‘developer/limited use’ version for free.
XenClient is getting/will get a lot of publicity. Citrix are good at that. Are they likely to struggle because of a reliance on XenServer? The advantage that Citrix has is that they are embedded in a lot of organizations – they have a name IT administrators trust, provided no one mentions printing – but even XenApp users are using ESX/Hyper-V. At the same time, Citrix have developed relationships with Dell and HP – if this type of service is embedded into a laptop at buy time there is a great potential there not only for businesses to manage their assets better, but for consumers to treat their laptop devices like iPhone users treat their SmartPhone.
VMware have a product that Citrix doesn’t have in their VMware View Client – arguably a “better” resource for a BYOC model because it allows you to work offline, yet doesn’t require you to introduce a different core OS.
Neocleus’s model is very interesting – especially with buy in from a service provider – manage the operating environment outside of the operating system, and be (relatively) independent of the device. That is a great advantage for anyone managing a number of devices.
So... Should I buy it, or hold off a while?
Well – you’re persistent, I’ll give you that.
Bare metal hypervisors for desktop devices enable your organization to change the way you think about your PC lifecycle management. XenClient’s offering is not yet a full solution – there are more complete alternatives available now. Neocleus have gained the buy in of a service provider and Virtual Computer have a feature rich product based around Hyper-V.
You can deliver savings to your organization with this technology: but bear in mind you will need to have compatible devices and most likely have to change the way you support users.
Bare metal hypervisors for desktop devices, as a solution to reducing management costs and improving the user experience, are undoubtedly a contender.

BigFix, Inc. and Neocleus have signed a technology licensing agreement, which enables BigFix to deliver Neocleus’ client virtualization technologies via the BigFix Unified Management Platform.

2 replies on “Citrix XenClient Enters the Ring”

  1. Andrew,
    Although I agree with you on your points I feel that there is an important and unique aspect of XenClient you are missing. As Citrix are big enough they have buy in from major notebook manufacturers to OEM their free client hypervisor.
    This gives HP, Dell etc the ability to provide value add in terms of ‘hidden’ VMs behind, giving extra management, restore, feature and support options.
    For example, an extra feature could be completely secure browsing. You could run a tiny Linux VM in the background, publishing a browser through to the main OS. You would have your usual browser and a second ‘banking/secure’ browser. This would give a very secure option for financial/sensitive transactions online. It would completely prevent software keylogging and drive-by malware. If done right it wouldn’t be too hard for users to get and could be a major USP for the first manufacturer to implement it.
    As both Virtual Computer and Neocleus charge for their client hypervisors then this is probably not a model for them.

  2. Jim,
    Citrix’s buy in from HP and Dell is an interesting headline – but does that mean HP and Dell won’t buy into a VMware solution in the future if one is released? I can’t see that personally. Is that going to impact on sales for the smaller players? Longer term it’s going to depend on the management I think and the value those players can add to the core hypervisor – which is, effectively iirc, Xen across the board. You could argue that it’s the management facility you’re paying for rather than the hypervisor itself: and as I say I think NxTop’s interface is the richer at the moment. I’m sure if Citrix think that management is essential they’ll ask for some form of payment.
    What Neocleus have done is integrate/team up with a systems integrator – will this be something Virtual Computer do as well? Because – as you say (and I agree with you) – the facility to have different devices running on the same machine is useful: enabling this for service providers is going to make updates a less complex process – helping them make a better return and deliver quicker to their punters.
    Take a step back from that, from Dell/HP and the like’s point of view maybe I can develop new builds for my new devices more easily; offer you the consumer/business user services to backup your data, to update your OS all with less ‘risk’ – all interesting value-add options for their tin. You can go into a shop and get them to back up your phone & transfer the data before you buy a new one – why not your laptop? Want Windows 8 but are worried about losing the pictures of grandma in the upgrade – not a problem.
    I’m not convinced of the “it would completely prevent software keylogging and drive-by malware”. “Make it harder” sure – but if you’ve got the facility to get into a BIOS on the device, or the potential to hit the core hypervisor you open up the possibility of allowing one virtual device to corrupt another, or the machine itself: which is why I’m concerned that the hypervisor doesn’t have a number of ‘features’ that reduce its own security. Flip side is, exposing interfaces to the core hypervisor environment is where the management features plug into to gain that extra value. I’d say these considerations would be less risky for a controlled business device, more of a question for uncontrolled/consumer devices; others may well disagree.
    Thanks for the comment – engaging as ever 🙂
