Bare-metal Client Hypervisors

This flavor of desktop virtualization, referred to as a Type 1 hypervisor, lets virtual machines run directly on the client device -- hence the bare-metal moniker. The other client virtualization strategy, Type 2, places virtual machines on top of the operating system. The bare-metal approach offers the potential for better performance since fewer layers of software are involved. The technology is also considered more secure since it avoids viruses, key loggers or other issues in the base OS.

Type 1 client hypervisors available today include Citrix Systems Inc. ’s XenClient (which debuted in 2010), MokaFive ’s BareMetal (which began shipping in June) and Virtual Computer Inc.’s NxTop (which launched in 2009). In addition, Microsoft  reportedly may include its Hyper-V Type 1 technology in its upcoming Windows 8 client operating system, although the company declines to confirm those reports.

In the enterprise, bare-metal client hypervisors are gaining acceptance among customers who require an extra measure of security. The Type 1 technology also plays a role among customers who want to create business-only images for their corporate-owned machines, as opposed to employee-owned clients brought into work. Type 2 hypervisors are typically the rule for the bring-your-own-device style of computing.

As for hardware platforms, Type 1 devices currently focus on desktops and laptops. Industry executives question whether those hypervisors will find their way onto media tablets and smartphones as well.

While the technology hasn’t fully matured, bare-metal hypervisors could merit a look for organizations mulling virtualization. Bare-metal client hypervisors “have a very valid use case,” says Mark Bowker, senior analyst at Enterprise Strategy Group .

“IT organizations ... should be thinking about ways to include it in their environments,” he says.

The Case For Bare-Metal
Type 2 virtualization products do an adequate job -- letting users run Windows on Macs, for example -- but Citrix wanted a hypervisor that could have more control over virtual machines, notes Ramana Jonnala, vice president of product management for XenClient. In January 2009, Citrix agreed to work with Intel Corp. to create a Type 1 client hypervisor based on Xen open-source technology.

The Type 1 approach lets organizations provide enterprise laptops with separate business and personal environments. An IT administrator can maintain a business-only virtual machine, providing patches and updates, and let users manage their own personal virtual machine, says Jonnala. That way, administrators don’t have to worry about end users downloading software that slows the laptop or causes malware infections -- at least on the isolated business side.

“It lets them have better control of managing the images on the laptop,” he says.

“It also means they don’t have users installing apps or malware that affect corporate apps anymore.”

Similarly, MokaFive views management as key to client virtualization. Purnima Padmanabhan, the company’s vice president of products and marketing, says virtualization addresses the problem of managing distributed endpoints.

“It allows me to control the image and wrap it in a secure bubble and drop it on an end point,” she says.

MokaFive in May launched BareMetal, a Type 1 hypervisor that targets corporate-owned client devices. The hypervisor lets IT managers deploy the identical “golden image” across desktops and laptops. The company also markets Type 2 client virtualization technology geared toward employee- or contractor-owned gear.

Padmanabhan cited Windows 7 migration as one role for the company’s bare-metal product. The hypervisor lets companies install a Windows 7 environment on a range of machines without having to create separate Windows 7 builds for each type of hardware platform, she says.

And both Padmanabhan and Jonnala pointed to security-minded customers as a market for bare-metal client hypervisors.

Citrix in May debuted XenClient XT, which takes advantage of the security capabilities of Intel Core vPro. The federal government market is the initial audience for XenClient XT, says Jonnala, noting the need for secure environments in that space.

Citrix already has rung up some orders for XenClient XT and “a good number” of customers are evaluating the technology, according to Jonnala.

Evolution
Bare-metal clients are making progress, but Bowker says the technology’s development continues.

“Let’s not get too far ahead of ourselves. This technology, in particular, is still evolving,” he says.

Bowker suggested more work needs to be done on the management side of client hypervisor technology. He says the most important thing to focus on is the ability to centrally manage, maintain and secure devices.

Recent vendor moves in that direction include Citrix’s Synchronizer, which the company says helps customers install XenClient-equipped laptops across larger enterprise environments and manage virtual desktops centrally. Synchronizer is included in XenClient 2, which was announced in May.

In addition, MokaFive’s BareMetal applies updates to machines through a central management console.

Beyond management, there’s another consideration for the future of bare-metal: Will the technology play a role in mobile platforms such as media tablets and smartphones?

Jonnala says XenClient specifically targets corporate laptop users, adding that Citrix has a different virtualization strategy for devices such as tablets and smartphones. In that area, the company emphasizes Citrix Receiver, a universal software client that gives users access to the corporate desktop and applications delivered via Citrix products. Citrix offers Receivers for mobile platforms including Apple, Android and RIM.

Padmanabhan says MokaFive is looking to have a solution for mobile devices, but notes that it will not be based on a hypervisor technology.

“Hypervisors as we know them are too heavy to run on mobile devices,” she says.

“So today, we support the ability to remote to your desktop from the mobile device.”

Bowker, meanwhile, questions whether bare-metal client hypervisors are relevant for media tablets and smartphones. He says he views the IT challenge in this space as designing, architecting and modernizing apps to be used on mobile devices. Leveraging the operating system, as opposed to running virtual machines directly on the hardware, is key.

“I don’t see multiple instances of Android on some tablet device,” he says. “I’m not buying into that one yet.”

New DIY BI: Is Your Infrastructure Ready?

With new PowerPivot for Excel, Microsoft is democratizing business intelligence (BI) in the same way that PowerPoint transformed business presentations. A free, downloadable add-in for Excel 2010, PowerPivot taps into the rich analytic capabilities of Microsoft SQL Server 2008 R2 Analysis Services, offering centrally managed, self-service, ad hoc BI within the Excel interface we’re all familiar with. To keep BI manageable and allow robust collaboration, analytical results can be shared using Microsoft SharePoint 2010.

PowerPivot’s end-to-end capabilities -- enhanced by its optimization on the new multicore client and server platforms -- provide compelling reasons to accelerate your technology refresh sooner than later.

Triple Play: Excel + SQL Server + SharePoint
PowerPivot meets a long-awaited business need. Organizations are awash in data, and the ability to turn that data into actionable information can deliver a competitive advantage by improving product development, customer service, and operational efficiency. Despite the benefits, a recent Gartner survey found that only 28 percent of potential BI users actually employ BI.

PowerPivot aims to make it easier for businesses to achieve those advantages, while allowing IT to increase its return on previous investments in databases and data warehouses. Three of Microsoft’s core products -- SQL Server, Office and SharePoint -- all released new versions at the same time, and the reason is PowerPivot.

High-speed Analysis at Your Fingertips
Excel has long been used for lightweight analysis, but users have been hampered by performance barriers as well as limitations on the amount and types of data and the analytic functions available. PowerPivot -- Microsoft SQL Server PowerPivot for Microsoft Excel 2010 -- removes those limitations. It provides a powerful tool set to help users gain deeper insight into business activities and compress their decision cycles.

Among the most important enhancements:

  • Virtually unlimited support for data sources provides a foundation for users to create mashups of source data from any location -- relational databases, multidimensional sources, cloud services, data feeds, Excel files, text files, data from the Web, etc.
  • In-memory analysis using the VertiPaq engine enables high-speed desktop analysis of hundreds of millions of rows of data. VertiPaq uses columnar storage and efficient compression algorithms to load and process even the largest data sets into memory.
  • Data Analysis Expressions (DAX) bring powerful relational capabilities into the hands of power users who want to create advanced analytics applications.
  • SharePoint integration enables users to share data models and analysis to publish their PowerPivot workbooks through the familiar portal.

PowerPivot won’t replace enterprise-scale BI applications, such as SQL Server Analysis Services, which will continue to play an important role in company-wide decision-making. Because it plays to the area of analysis that people do for their own needs -- or the needs of their team or department -- an end-to-end solution would be overkill.

Hardware and Software Make Self-service Manageable
For IT leaders already plagued by proliferating spreadmarts, self-service BI might sound like a potential nightmare. To address those concerns, Microsoft emphasizes that managed self-service BI and a variety of capabilities -- both in the software and in processor technologies -- allow greater IT control while making PowerPivot easy to deploy, monitor and manage.

Because analytic workbooks and reports are stored in SharePoint, IT can create an environment for users to access and share them. A management dashboard enables IT administrators to monitor and manage reports, maintain control over how the data is used and configure refresh cycles to ensure data remains current automatically.

PowerPivot features remote repair and securing of PCs, and works with Microsoft System Center Configuration Manager (SCCM) 2007 SP2 and Intel vPro technology to provide a secure, encrypted power-up capability for pushing PowerPivot for Excel 2010 and security software updates down the wire. [Disclosure: Intel is the sponsor of Intelligence in Software.] On those vPro processor-based PCs, you can also embed credentials in the hardware and use SCCM SP2 to authenticate network traffic.

Adding to the Load on Clients and Servers
As an end-to-end software solution, PowerPivot raises the demands on all layers of the IT infrastructure. PC users will need multicore computational power and security for rich analysis on the desktop or laptop. In the data center, the need for performance, memory bandwidth and energy efficiency rises at each tier to support higher numbers.

Platforms based on the latest Intel technologies deliver unique value for PowerPivot deployments. Excel and SQL Server take optimal advantage of multiple threads and cores. And at the operating system level, Windows optimizes performance and energy efficiency. If the workload is light, Windows sources Intel power management technologies to allow server cores to run idle and lower energy consumption. If you’re doing a lot of year-end or quarter-end analysis and really stressing your systems, the Intel Turbo Boost Technology kicks them into higher gear. Running databases on the Intel Xeon Processor 7500 series for higher scalability delivers benefits from features, like Machine Check Architecture and error recovery capabilities, which Windows Server 2008 R2 utilizes to improve reliability.

PowerPivot raises the requirements at each tier, with SharePoint Server 2010 for reporting at the front end, SharePoint Server 2010 for PowerPivot in the application tier, and SQL Server 2008 R2 for data and workbook storage at the back end.

Business analysis staff requires far more performance and reliability than aging PCs can provide. At the client level, the second-generation Intel Core vPro processor family provides right-sized performance and cost savings. Efficient maintenance features help users speed time-to-data while increasing security and manageability capabilities.

In the data center, processors require massive memory bandwidth (with up to 50 percent more cores and cache) in order to increase performance for self-service BI analytics and to provide greater throughput and responsiveness for multithreaded SQL Server 2008 R2-based applications accessed using PowerPivot. Windows Server 2008 R2 Hyper-V offers greater virtualization security and lowers data center costs for PowerPivot infrastructure in a virtualized environment.

Get Ready for a Tsunami
Although end-to-end enterprise BI solutions will continue to be the bedrock for company-wide decision-making, all indications are that PowerPivot will soon begin to transform ad hoc decision-making by business units, financial teams and individual planners. We’re going to see a BI tsunami coming very soon. This will permanently change access and utilization of BI for the masses and will transform the fundamental way people use data to accelerate their businesses.

The Billion Dollar Lost Laptop Problem

Every time a business laptop is lost or stolen, an organization takes a direct cost hit. But how much of a hit might surprise you. What would your organization do if it realized that each year it’s losing millions of dollars in this way? Odds are, it would be far more diligent in protecting laptops.

Last year, the Ponemon Institute released a study (conducted independently and sponsored by Intel) of The Billion Dollar Lost Laptop Problem, an independent benchmark of 329 private and public-sector U.S. organizations -- ranging in size from less than 1,000 to greater than 75,000 employees and representing more than 12 industry sectors -- to determine the economic cost of lost or stolen laptops. What they found: The cost is huge.

Participating organizations reported that in a 12-month period 86,455 laptops were lost or otherwise went missing. That added up to 263 laptops per organization on average.

According to an earlier Ponemon Institute study (conducted independently and sponsored by Intel), The Cost of a Lost Laptop, the average value of a lost laptop is a staggering $49,246. This value is based on seven cost components: replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses. It’s important to point out that the smallest cost component is the replacement cost of the laptop.

Some of the salient findings from The Billion Dollar Lost Laptop Problem report:

  • The total economic impact for 329 participating companies is $2.1 billion, or on average $6.4 million per organization.

  • Out of the 263 laptops per organization that are lost or go missing, on average just 12 laptops were recovered.

  • Forty-three percent of laptops were lost off-site (working from a home office or hotel room); 33 percent lost in transit or travel; and 12 percent were lost in the workplace.
  • Twelve percent of organizations said they don’t know where employees or contractors lose their laptops.

  • Although 46 percent of the lost systems contained confidential data, 30 percent of laptops lost had disc encryption, 29 percent had backup, and just 10 percent had other anti-theft features.

  • Industries that experience the highest rate of laptop loss are education and research; health and pharmaceuticals were next, followed by the public sector. Financial services firms had the lowest loss rate.

  • Laptops with the most sensitive and confidential data are the most likely to be stolen. However, these laptops are also more likely to have disc encryption.
  • Average loss ratio over the laptop’s useful life is 7.12 percent. That means more than 7 percent of all assigned laptops in benchmarked companies will be lost or stolen.

But Who's Minding the Data?
Not nearly enough organizations, it appears. Given the significant financial impact of missing laptops and the vulnerabilities of stolen laptop data, it is astonishing that the majority of these companies aren't taking even basic precautions to protect them.

The worst cost component is the data breach. A stolen laptop can be easily booted to reveal passwords, stored temporary files the user was even unaware of, and access to VPN connections, remote desktops, wireless encryption keys and more.

That’s enough reason to do something. Here are your best options for protecting your organization’s data integrity against all of that potential mayhem.

  • Full Disk Encryption: Full disk encryption prevents unauthorized access to data storage. Under this scenario, nearly everything is encrypted, and the decision of which individual files to encrypt is not left up to users' discretion.  But all too often, end users choose to disable the full disk encryption, probably because they incorrectly assume it significantly slows all of the processing.
  • Anti-Theft Technology: Laptops can disable themselves, when the hardware observes suspicious activity, if they get lost or stolen. When the laptop is recovered, it can be easily reactivated and returned to normal operation.
  • Data in the Cloud: Keeping sensitive material off your laptop by storing data in the cloud is not a viable solution, because that does nothing to protect the data. Such data is easily accessible by simply cracking the login credentials. Worse yet, the existence of a full backup actually increases the cost of a lost laptop, because backups make it easier to confirm the loss of sensitive or confidential data, resulting in greater expense from  forensic diagnosis and recovery efforts.

Just like Smokey the Bear says about you and forest fires, only you can stop data loss.