Smartronix CTO Robert Groat says his firm does a lot of work with the U.S. Marine Corps, and security was a top priority in virtualizing 50 remote users. "I didn't want to open up our corporate systems to home PCs," he says. "I wanted to reduce the surface area of our exposure."
The way he did it was to implement Kidaro Managed Workspace, which sits on top of the virtual machines generated by VMware's ESX server and applies a set of IT-defined policies and resources to them. The visual displays of the VMs are piped over the network to the users; the data and applications remain on the central server.
Kidaro also offers Smartronix the option of putting a user's workspace on a USB device in the form of Kidaro-To-Go. A mobile memory device might seem the epitome of a loose cannon when it comes to security, but the virtual machine included on it is encrypted and password protected and incorporates a locked-in VPN for accessing the corporate server. That means no user-access information floating around on a mobile worker's laptop. Managed Workspace runs in VMware's Player 2.0 on the user machine.
BRAWNY BIG BROTHERS
Groat's experience is likely to become more common as IT administrators recover from their dizzying gains in server consolidation and lowered power consumption and start applying virtualization to clients. When they do so, they'll come upon mostly unknown startups--the likes of Pano Logic, Thinstall, XDS--that are joining their brawny big brothers, VMware and Citrix Systems, in bringing virtual machines to the desktop.
Problem is, there's no one good way to do it.
Kidaro offers end-user management and security advantages but doesn't guarantee overnight scalability to 10,000 users, the way Citrix's user application virtualization product, Presentation Server, does.
Pano Logic invites its customers to leave PC hardware behind altogether and adopt its 3.5-inch square chrome box. The Pano offers the advantage of relaying the user interface from a central server to a desktop display with minimal hardware expense, but you won't necessarily find a shiny Pano box in every hotel room.
XDS offers the hardest-to-explain option, which consists of authenticating end users on a remote server at an XDS data center, then equipping their desktops with virtual machines from a server inside the user's data center. The approach offers advantages in security and provisioning large numbers of users. But the company's explanation has left many scratching their heads on how to adopt it.
A larger potential player is Symantec, which acquired Altiris and its Software Virtualization Solution desktop virtualization system in April. Altiris brings strengths in identifying incompatibilities between applications and Windows Vista or other operating systems. It can package an application into a virtual machine with its dependent dynamic link libraries so that it runs on Vista without revision.
And don't forget Microsoft, the 800-pound gorilla that's yet to make a peep. With its acquisition of Softricity last year, Microsoft gained the ability to virtualize applications; it already had the capability to virtualize the operating system with its Virtual Server. It's unlikely to remain silent for long once it sees newcomers stealing users out of its desktop domain. But for now, it has its hands full getting its server-side Viridian virtualization technology ready for Windows Longhorn Server after Longhorn's launch next year.