CITRIX AND INTEL publicly launched a new project a few days ago, and it ties a lot of their forward looking hints together nicely. More importantly, it shows exactly where Intel sees VMs, VPro, and client security going.
There was no product announced, just a joint collaboration agreement - the products will come out around the second half of 2009. Intel and Citrix are going to be making a type 1 hypervisor, that is, one that runs on the bare metal of the computer. This will all be tied into VPro, the VMM will be directly embedded in the firmware, and it is nothing that anyone who was paying attention didn't see coming.
The idea is quite simple - you have the hypervisor running under the OS, and with VPro branded crypto and secure boot capabilities, you can have multiple hard-ish isolated VMs. If you are issued a corporate laptop, but want to use it for non-work stuff, you can have one VM for work, one for home and one for the dog if you want. The line between them is hard enforced by the hardware.
Intel has been jumping up and down promoting this methodology for a while, and it looks like it may solve a lot of the corporate 'top 10' headaches while bringing in a few more. Some of these are solved when using existing Citrix imaging and app deployment software, some are new and exciting.
For example, you can download your OS image from the corporate LAN and go off on a business trip. Intel promises that it will run at 'near' native speeds, but wait for hard benchmarks before you bet the farm on this. Then you get back, plug in, and the software syncs to the Citrix server. Your data is backed up and merged into the new corporate image, and that combined image is then pushed out to your laptop with all the latest patches installed.
This potentially solves most mobile backup headaches as well as letting you test patches against a single VM image, not 43 different laptop configs. It is a win-win so far. Even if the laptop gets trashed beyond booting into safe mode in the field, VPro can, hopefully, allow you to bare metal image the laptop or load a new image through the chipset's inbuilt firmware.
Additionally, you can have multiple VMs running with secure environments, home environments, and less secure corporate images all partitioned from each other. The chipset can even full-disk encrypt some or all of the images so that the abject failure of MS to deliver on any workable security is far less of a problem. It is not just secure when running, it is also fairly secure when off, but the caveat of "If you know what you are doing when setting it up" still applies.
So, what are the problems, other than it not existing yet? First of all, it owns the VM ring of the CPU, so no other process can run virtualised. All the spiffy desktop virtualisation software that devs love to use, or running two OSes side by side, is not possible under this new paradigm.
Second and third are somewhat tied together: speed and power. VMs have come a long way, and both Intel and AMD have put the majority of the work a VMM needs to do in hardware, lessening the pain. The pain, however, is still there; it is just faster and more efficient.
I am curious how much overhead this will take up. Both Intel and Citrix promise near native speeds, but 'near' is a word that has a lot of wiggle room. It will likely not be a problem, since modern mobile chips are much faster than the person using them. That said, memory is still not virtualised, nor is I/O or video card access, and faking those in software has a cost, including in security.
Potentially more problematic is the power side. Even with virtualisation in hardware, you still have to do ring transitions, VM enters and exits, state saves, and - on Intel hardware in particular - a lot of hoop jumping when dealing with memory.
If you look at something simple like how much more battery life a DRM-infested iTunes song takes up versus a non-DRM-infested one, you can see how much overhead crypto can take. Throw in memory virtualisation on the fly and I/O remapping, and you could be looking at a serious battery killer.
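Before arguing about how much of that overhead the silicon absorbs, the practical first question for a fleet is whether the laptops advertise the hardware assists a bare-metal VMM leans on at all: VT-x/AMD-V for CPU virtualisation, and nested paging (EPT/NPT) for the memory virtualisation the text says is otherwise faked in software. The following is an added example, not code from the article or from Intel or Citrix; it parses text in the format Linux prints in /proc/cpuinfo, using a constructed sample, and the flag names vmx, svm, ept and npt are the ones the kernel uses. It cannot tell whether firmware has switched VMX off, which needs a model-specific register read that this example does not attempt.

```python
"""Assess whether a host's CPUs advertise the hardware virtualisation
features a type 1 (bare-metal) VMM depends on, from /proc/cpuinfo text.

Added example; not from the article or from Intel/Citrix.
Flag names (vmx, svm, ept, npt) are those Linux prints in /proc/cpuinfo.
"""

# Constructed sample: two logical CPUs, both reporting VT-x (vmx) and EPT.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Constructed sample CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sse sse2 ht vmx est tm2 ssse3 ept

processor\t: 1
vendor_id\t: GenuineIntel
model name\t: Constructed sample CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sse sse2 ht vmx est tm2 ssse3 ept
"""


def parse_cpuinfo(text):
    """Return one {field: value} dict per blank-line-separated processor stanza."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cpus.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def assess_virt(text):
    """Summarise virtualisation readiness across all CPUs in the text.

    Features are only counted if every CPU reports them, because a VMM that
    migrates a guest between cores cannot rely on a flag one core lacks.
    Note: a 'vmx' flag does not prove VMX is enabled by firmware; that state
    lives in a model-specific register and is not visible here.
    """
    cpus = parse_cpuinfo(text)
    if not cpus:
        raise ValueError("no processor stanzas found")
    flag_sets = [set(cpu.get("flags", "").split()) for cpu in cpus]
    common = set.intersection(*flag_sets)
    return {
        "cpus": len(cpus),
        "vendor": cpus[0].get("vendor_id", "unknown"),
        # All CPUs advertise the same flag set (mixed steppings are a red flag).
        "uniform": all(fs == flag_sets[0] for fs in flag_sets),
        # CPU virtualisation: Intel VT-x (vmx) or AMD-V (svm).
        "hw_virt": "vmx" in common or "svm" in common,
        # Nested paging: Intel EPT or AMD NPT; without it, guest memory
        # translation falls back to software shadow paging.
        "nested_paging": "ept" in common or "npt" in common,
    }


if __name__ == "__main__":
    # Real use: assess_virt(open("/proc/cpuinfo").read())
    for key, value in assess_virt(SAMPLE_CPUINFO).items():
        print(f"{key}: {value}")
```

On a real host, pass the contents of /proc/cpuinfo instead of the sample; a result with `hw_virt` true but `nested_paging` false is the configuration where the memory-handling overhead the text describes bites hardest.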
All of these problems are quite fixable, but until virtualisation is 100 per cent in hardware, there will be trade-offs to doing so. Some are in speed, some are in power, others may be new and exciting headaches for architects to ponder during late nights at the office.
The worst case scenario starts with someone equipping the entire CxO population of their company with the new 'secure' VMs. They get on a plane to cross an ocean, and discover that their new laptop has a quarter of the battery life of the older one, but feels as fast as the Toshiba they had in the mid-1990s. Then they get hacked anyway because they are using Windows, and it is 'game over' for that technology at large company X. Then again, it could be deployed, the CxO never sees a difference in speed or battery, and it is totally secure. Time will tell.
In the end, this is where Intel is pushing the client OS: multiple VMs running securely on a firmware based VMM. All is hard secured via secure boot, everything is remotely manageable, imageable, and fast. It is coming, but this is a first stab at the concept.
It will take a few more revisions of the hardware and software to get it working smoothly, but for now, if you need it, you can have something real close. µ
IBM did level zero (under the OS) virtualization with the Series 360 back in the 1960s! This is nothing new. The Intel x86 architecture has always had the requisite number of "rings" to use, however those idiots over at Microsoft arrogantly wrote Windoze to use the wrong ring and preempt any chance of having VMs early on.
That's what happens when you get a bunch of script kiddies playing computer engineering instead of using REAL computer engineers like IBM.