Recently I've had the opportunity to speak with Ariel Gorfung, CEO, and Etay Bogner, CTO, both of Neocleus, about their concept of "Endpoint Virtualization." At first I didn't understand how this differed from the various forms of desktop virtualization that others are speaking about. Now I understand that they're bringing some terms commonly used in the security community to the world of virtualization technology. Neocleus sees its role as bringing very high levels of security, management, reliability and control into the wild west of virtualization.
Back in March, I posted a series on "desktop virtualization" that began with a post, Just what is “desktop virtualization” anyway?, and then went on to look at the relationship between this concept and the concepts of access virtualization, application virtualization and virtual processing. During my series on cloud computing, I pointed out that several suppliers have also added the wrinkle that the desktop workload could be hosted on the local machine, on a local server, or on a server somewhere on the network, a.k.a. cloud computing.
Neocleus was referring to running one or more local virtual machines on a local physical system combined with accessing remote virtual machines in a very, very secure, managed way. Neocleus is keen to point out that there are two types of hypervisor technology. Type 1 virtualization is hosted on the physical machine itself. Type 2 virtualization is part of an operating system. In both cases guest operating systems and workloads can be hosted on the physical machine. Neocleus is dedicated to using Type 1 hypervisors.
VMware's ESX server and Xen are examples of Type 1 hypervisors. They run on the physical machine directly. Guest operating systems (virtual machines) run in a virtual world created by the hypervisor. There is a high degree of isolation between one virtual machine and another, and between the virtual machines and the underlying hypervisor and physical system.
KVM and Hyper-V are typically seen as Type 2 hypervisors. They are embedded in a general-purpose operating system. In this configuration, virtual machines and other workloads can share the same physical machine. While there is some isolation of one virtual machine from another, if something goes wrong with the host operating system, that problem could go on to cause related problems in all of the supported virtual machines.
In future posts, I'll consider what this all means to those considering a desktop virtualization strategy.