In the realm of popular beat combos, it is one thing for a band to explode from nowhere with a classic début album. Following it up is a far greater challenge. In musical terms – this is known as the “difficult second album syndrome”.
Citrix have released XenClient v2.0, their second generation bare-metal client hypervisor. XenClient allows centrally managed virtual desktops to run directly on corporate laptops, even when they are disconnected from the network. This version is intended to add ease-of-use and scalability features, and introduce a wider hardware compatibility list. In addition Citrix also launched the new XenClient XT, a standalone product designed to give advanced levels of security, isolation and performance for organisations with very specific and unique client computing requirements.
If Citrix were a popular beat combo (in the client side hypervisor charts) an issue would be that their first album struggled to set that chart alight. If it’s hard to release a second album when your first was monumentally brilliant, it is an exciting challenge when only your mother and aunt bought the first one. The first XenClient release was acknowledged, by Citrix, as being “unfit for enterprise deployment”. A severely limited Hardware Compatibility List (HCL), poor management and lack of user layering combined with no integration with XenDesktop and formalised vendor tie-ins failed to drive it up the charts.
So what is new in XenClient v2? How does it fit into a desktop delivery service? Is XenClient simply off-line XenDesktop? But more importantly – is XenClient now at least, enterprise ready?
What are the benefits of a Client Hypervisor for desktop deployment?
Desktop virtualization is being widely adopted to deliver desktops, applications and data while improving security and agility over a ‘traditional’ unmanaged or loosely-managed desktops. Server hypervisors revolutionised how organisations manage their server estates. Client hypervisors can:
- Run multiple workspaces on one device for testing, or development, to isolate environments for security, or provide access to different services (e.g. two workspaces during a merger) – all on the same device. Useful – but a function that has a relatively limited business impact for most organisations.
- Monitor and manage a workspace outside of the operating system – Some organisations already have tools to manage laptops/PCs (for example Dell’s KACE, Novell’s ZenWorks, Symantec’s Altiris Client Management Suite or Wanova’s Mirage). A type 1 client hypervisor, like XenClient, can offer similar functions for management true, but it can also compliment an existing management service to allow the recovery of a failed OS, to backup and restore user data, or restore to a replacement device.
- Deploy a standardized image to end devices – be it a laptop, a standard desktop, a blade, your devices can be managed from a central location with a single common build. This is a key client hypervisor benefit for organisations. It gives increased flexibility to choose devices, to be better able to explore new devices for business benefit, to allow for gradual refreshes rather than big-bang approaches. Organisations can save money by having the business drive laptop/PC type selection – rather than the time it takes IT to accommodate the change.
- Enable virtualization without a data-centre – hosting desktop sessions in a data-centre can be a costly undertaking. A client hypervisor allows you to utilize distributed computing, while making use of the management and reliability savings virtualization is able to deliver.
The death of the PC may be heralded. It could be argued as users bring devices to work, or devices become thin clients, the need for ‘traditional’ corporate PCs/laptops will decline. True – but, many organisations still have business needs for off-line/non-remoted environments; will want to reduce costs through better management but don’t want (or can afford) to introduce a VDI infrastructure. Or, they have introduced VDI and found that they still need to manage a device with a local OS to gain the best performance. Such business can benefit from client hypervisors.
What is new in XenClient 2?
In relation to the benefits mentioned for client hypervisors, new features for XenClient 2 include:
- Expanded Hardware Compatibility – Citrix state that this version supports three times as many laptops and PCs as previous versions. It is valid to say, if you start with a small number – multiplication by a small number doesn’t get you very far. It is a fact that XenClient’s own HCL List (as of 10th October 2011) runs to 57 devices. That said, Citrix suggest they are certified to run on an estimated 45 million PCs and laptops: but it is important to note that those devices must support the Intel Core vPro platform – AMD processors are not an option with XenClient.
- Expanded Graphics Support – v2.0 includes expanded support forIntel HD 2000 and HD 3000 integrated graphics which are available on second generation Intel Core processors, and introduces support for discrete graphics architectures from AMD including the FirePro and Radeon series of GPUs although not chip-sets from nVidia. That said, there is support for DirectX and OpenGL (all be it marked as ‘experimental’, it did work for me) and the option for direct hardware support will givw the best option in terms of performance. This is a wider selection than was available in v1.0,true and it now supports non-vPro systems so 2D support is available if needs be.
- Production-scale Synchronizer – The Synchronizer is designed to help customers deploy XenClient-enabled laptops across larger and more complex enterprise environments, while still managing all virtual desktops centrally, including full synchronization of user desktops, apps and data to NFS stores in the corporate datacenter. You do of course need XenServer installed. Granted, this doesn’t require a server OS license (XenServer instances can be installed and run for free) but, the XenClient Syncroniser does need an NFS file store to hold images and backup data. So in addition to your XenServer that hosts your Syncroniser – you need another device – *or* a second server instance to host that NFS file store.
- Simplified User Experience – There are a slew of new features to improve not only the administration of a XenClient service, but the remote user’s experience and interaction with XenClient. For example, features to allow XenClient power operations to be linked to the power state of a Windows virtual machine: which allows XenClient to be hidden behind the scene. The introduction of User Virtualization utilising layering to allow user settings to separated from the workspace. The ability to have pre-cached VM downloads so that remote users can restore /deploy VMs in an off-line/low bandwidth environment via USB (although USB deployment of XenClient is still cumbersome). And most noticeably, a revamped and more responsive user interface.
So with v2.0, is XenClient simply off-line XenDesktop?
No. They’re not the same: two very different environments. You can’t synchronise a XenDesktop instance to XenClient and vice versa. You could access a XenDesktop instance, or XenApp published applications from XenClient, sure – but they have completely different management environments. Given Citrix’s RingCube acquisition, maybe this will change in the future but for now, management and user integration between the environments does not exist.
To some extent, a confusion may stem from licensing. While the XenClient hypervisor is free: and up to ten devices can be managed for free – you will need a XenDesktop Enterprise or Platinum license for larger deployments.
What is the Difference between XenClient XT and XenClient?
XT is a security enhanced version of XenClient 1 SP1 with additional security enhancements:
- Extreme Desktop Isolation – hardened components and a unique new network isolation architecture combine to allows users to run multiple securely isolated local virtual desktops in separate security domains and completely isolated networks, all on a single physical system.
- Extreme Security – provides hardware-assisted security that leverages security capabilities in the Intel Core vPro platform. This includes a trusted boot capability powered by Intel Trusted Execution Technology (TXT) to ensure that XenClient XT is checked against a known good configuration on every boot, ensuring no unauthorized modifications to the system.
- Multi-level Desktop Consolidation – allows customers to run a large number of securely isolated desktop computing environments on a single physical system, especially useful for public sector customers who need to work on multiple sensitive contracts and projects simultaneously with full network and desktop isolation.
Other vendors are more established in this space. Integrity Global Security for example, offers the most secure client virtualisation environment, with a hypervisor specifically designed and built to be highly secure: its the only operating system to be certified by the United States’ National Information Assurance Partnership to EAL6+ High Robustness. Secunet have their SINA Virtual Workstation. Both these solutions are very secure and have the badges to prove it.
That said, XenClient XT does offer the option for security with a wider HCL list (all be it less than XenClient v2). However – for most organisations the higher security and reduced HCL is unlikely to match business needs and does XT’s accreditation match your needs?
So… Nevermind?
What does XenClient v2 do better? Is it now, at least, enterprise ready?
Many popular beat combos may well have found that second album is hard: but some have been very well regarded. Led Zepplin’s second album included classics such as Ramble On, and Whole Lotta Love. Oasis didn’t do badly, neither did Nirvana. The Beatles – you may have heard of them.
XenClient 2 improves on the previous release in terms of performance, user experience and deployment options. A Next Generation Desktop is not only about an end client computing device. The NGD is also, and perhaps most importantly, about restructuring the way applications and desktops are delivered and managed by the enterprise. For many enterprises a core advantage of a client hypervisor is in having the flexibility of choosing device types, not being tied to a specific model per build. XenClient’s improved HCL list is of advantage here – most specifically in supporting non-vPro enabled devices. However, Virtual Computer (NxTop) and MokaFive (Baremetal Player) are hypervisor solutions with more extensive HCL lists. The goal (longer term) for all vendors is to ensure that new hardware is supported as quickly as possible: business units don’t want to find that the devices that they’ve ordered don’t ‘fit’ the standard build.
Still, an issue for client hypervisor solutions is remote and off-line deployment: while it can be used off-line getting the device configured can be a challenge – especially in remote locations. Enhancements to the Synchroniser (allowing it to deploy XenClient updates and throttle bandwidth) and XenClient itself (allowing pre-cached VMs, optimised backups) are considerable improvements over the first release. A possible disadvantage is for Citrix is that to support branch office environments Branch Office Repeaters would need to be deployed. Both MokaFive and NxTop offer solutions that can be integrated onto existing branch office services.
Citrix have an advantage over other client hypervisor vendors in that XenClient is likely already licensed through a pre-existing XenDesktop license. Alternatives such as Baremetal/NxTop need additional licensing. However – both those solutions offer far more comprehensive management options in terms of assigning access to resources on the devices (such as policies for pre-configuring USB access, or wireless settings) – and both offer more comprehensive HCL lists. But then neither MokaFive or Virtual Computer have to sit their products in a pre-existing suite. Ideally Citrix ensure that XC’s deployment relies on methods other than PXE booting – with stronger links to the device vendors to have XenClient pre-installed. There would then be an option to remove synchronisation for LAN based PCs/laptops and deliver more XenDesktop instances into client side XenClient environments – managed with a single console and policy set. This offers opportunities not just for organisations to manage their devices, but for service providers to manage the devices of customers.
XenClient 2.0 is much better prepared for the enterprise sure. It is better than XenClient 1.0 but, its focus as an off-line solution for a hardware compatibility set that doesn’t support major chipsets still allows other client-side hypervisor vendors an opportunity to say “XenClient is good, but we help you manage your devices better”.