In a surprising about-face, VMware has stepped back from its previously announced plans to release a type I hypervisor in support of its bid to address the mobile hypervisor market. Instead, at VMworld 2010 in San Francisco, during Session DV7701 “Embracing Employee-Owned Mobile Phones – The Why and How”, Stephen Deasy (Director, R&D, VMware) and Srinivas Krishnamurti (Senior Director, Mobile Solutions, VMware) shared their new plans for a type II mobile hypervisor platform.
VMware’s original vision for a mobile hypervisor was conceived some time in 2006, when it asked a team of internal developers to build a prototype platform. Six to nine months later, the prototype was complete, and the company soon convinced itself that a full-fledged product could compete in the marketplace. Rather than continue with its own internal development team, VMware chose instead to go out and buy French company Trango, which had already built a full-fledged type I hypervisor. VMware subsequently demonstrated a smartphone dual booting Android and Windows Mobile, and announced its ultimate goal of being able to run multiple smartphone operating systems concurrently on the same device. VMware is still promoting its original vision for its “mobile virtualization platform” (MVP) on its MVP website, where it describes MVP as being “Based on a hard real-time, certified microkernel”, i.e. a type I hypervisor architecture, and details the many benefits that a type I hypervisor offers in terms of security and portability. Now, however, VMware has set its sights lower, redefining MVP as a type II hypervisor-based offering running on top of an unnamed Linux kernel (most probably Android).
The fundamental difference between a type I and a type II hypervisor is that the former runs on bare metal, between the hardware and the operating system, whereas a type II hypervisor runs on top of an OS. That difference is crucial. It implies a completely different relationship between the hypervisor and the mobile operating systems, not to mention creating an attack surface that is between one and two orders of magnitude larger than that seen with a type I hypervisor. VMware has long battled with Microsoft over the relative difference in size of the attack surface presented by ESX(i) and Hyper-V, so it’s not as if VMware is unaware of this concern. With type I, the hypervisor is master: it controls the OSes (called “guests”). With type II, the master is an OS (the one which hosts the hypervisor): it controls the hypervisor, which can only control the other OSes. Again, VMware is very much aware of the merits of a type I hypervisor in terms of security of the guest OS, but this time is downplaying what it previously drew attention to. While not directly acknowledging the inherent weakness of a type II hypervisor, VMware is incorporating features in its design that are directly associated with addressing this concern. All data in the guest OS is secured through an encrypted file system, and all communications are secured through an always-on VPN connection back to the corporate network. This connection is used both for data communication and for managing the guest OS configuration, managing applications, and controlling the operational status of the guest VM (i.e. providing remote lock and remote wipe capabilities).
As well as sharing its revised plans for MVP, VMware has also offered a glimpse at its plans to extend its desktop virtualization platform, VMware View, to become a ubiquitous end-point management platform covering desktops, laptops, thin clients and now dedicated mobile devices (phones and tablets). It isn’t clear what VMware hopes to achieve by this consolidation: there is no pressing need to establish a single management platform across both virtual desktops and mobile devices, and there is considerable risk that such a move will have negative consequences when it comes to managing platform release scheduling.
VMware did not share any information regarding the motivation behind the changes to its end-point strategy, but it may well be a tacit acknowledgment of the combination of the technical complexity of developing a type I hypervisor for a mobile device and the difficulty that VMware will have in obtaining a foothold in a market that is dominated by Open Kernel Labs (OK-Labs) and its type I hypervisor. VMware is actively looking for enterprise partners to participate in a pilot program, but even so, it is difficult to see how VMware will obtain any significant traction in the mobile device market.