May 20, 2010
So you might have read the headline and thought to yourself "I know what all of those words mean, but not in that order..."
Last week was Citrix Synergy, an annual product announcement / cheerleading session from Citrix. (Interestingly enough, it was scheduled to overlap with EMC World, and on the opposite side of the continent, so people had to pick which to attend. That's an interesting bit of psychological warfare, and I wonder how it affected them...anyway, end digression).
At Synergy, Citrix announced XenClient, the next logical step in the progression of desktop virtualization, namely a bare metal hypervisor.
Essentially, a bare metal hypervisor is a kernel (and generally speaking, the attached very small OS) that is responsible for hardware and resource management of a computer, which it metes out to guest virtual machines that run on top of it. If you're still struggling to tread water at this point, IBM created a longish Introduction to Virtualization that will help, while TechCollective wrote a much shorter, simpler virtualization overview that will help in a time crunch.
Previously, bare metal hypervisors had been restricted to the server space, and servers have been gearing their hardware toward it. Both Intel and AMD have been racing to add more cores per socket, and both have included on-chip virtualization features designed to make passing instructions and memory contents to VMs more efficient.
With the recent Nehalem chips, Intel has been able to release very, very high performance chips, even on laptops. The i7 / i5 chips are full of virtualization potential, but sadly, until now, they've had* to make do with userland virtualization solutions like VirtualBox, or if you're in the "I like to pay for software" camp, VMware Fusion, or Parallels.
(* - Alright, so some people have gotten ESX(i) to run on laptops. That doesn't mean it's a good idea)
Well, now there are better (or at least, different) options.
Because of the in-processor virtualization features that it relies on, the hardware compatibility list isn't what I would call extensive, but more laptops will be built that take advantage of these new processors, so this list will grow as time goes on.
As luck would have it, the Lenovo T500 is on the list. That laptop is the one that I decided was going to be the "fleet" laptop for the company last year. Currently, I only have 3, and they're all in the field, but I sweet-talked one of the salesmen into letting me "borrow" his laptop for the night.
As soon as we had the laptop, my junior admin took an image of the existing OS install using Clonezilla, so we could restore the machine to good working order quickly. Once that was done, we popped in the XenClient CD and rebooted. We immediately got this error:
Well, duh. I guess I didn't think about it, but of course we should have checked the BIOS and set those. VT-x is the in-processor Virtualization Technology, and can be toggled via a setting in the "processor" screen in the BIOS. VT-d is a technology used for I/O passthrough, which helps ensure VM performance, and is set in the same place as VT-x.
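A pre-flight check for the two BIOS settings above, as an added example that is not part of the original post or of XenClient. It assumes an Intel machine booted into a Linux live environment; the MSR number (0x3A, IA32_FEATURE_CONTROL), the `/dev/cpu/N/msr` device and the ACPI DMAR table are Linux and Intel specifics that do not appear in the post, and the sample input is constructed.

```python
import os
import struct

# Constructed sample: a trimmed /proc/cpuinfo stanza, not captured from a real T500.
SAMPLE_CPUINFO = ("vendor_id\t: GenuineIntel\n"
                  "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep ht vmx est tm2\n")

def cpu_virt_flag(cpuinfo_text):
    """Return 'vmx' (Intel VT-x), 'svm' (AMD-V) or None from /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            return next((f for f in ("vmx", "svm") if f in flags), None)
    return None

def decode_feature_control(msr_value):
    """Decode Intel IA32_FEATURE_CONTROL (MSR 0x3A) as the firmware left it."""
    locked = bool(msr_value & 0x1)            # bit 0: locked until next reset
    vmx_outside_smx = bool(msr_value & 0x4)   # bit 2: VMXON allowed outside SMX
    if not locked:
        return "unlocked"                     # a hypervisor can still enable VMX
    return "enabled" if vmx_outside_smx else "disabled-by-firmware"

def read_feature_control(cpu=0):
    """Read MSR 0x3A via the Linux msr driver (root, 'modprobe msr'); None if unavailable."""
    try:
        fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
        try:
            return struct.unpack("<Q", os.pread(fd, 8, 0x3A))[0]
        finally:
            os.close(fd)
    except OSError:
        return None

def preflight(cpuinfo_text, msr_value, dmar_present):
    """Return the problems that would block a hypervisor needing VT-x and VT-d."""
    problems = []
    flag = cpu_virt_flag(cpuinfo_text)
    state = None if msr_value is None else decode_feature_control(msr_value)
    if flag is None:
        problems.append("CPU reports no vmx/svm flag")
    if flag == "vmx" and state == "disabled-by-firmware":
        problems.append("VT-x locked off in firmware setup")
    if not dmar_present:  # firmware publishes the DMAR table only with VT-d enabled
        problems.append("no ACPI DMAR table: VT-d off or unsupported")
    return problems

if __name__ == "__main__":  # constructed inputs: VT-x locked off (0x1), no DMAR table
    print(preflight(SAMPLE_CPUINFO, 0x1, False))
```

On a live system, pass the contents of `/proc/cpuinfo`, the result of `read_feature_control()`, and `os.path.exists("/sys/firmware/acpi/tables/DMAR")` instead of the constructed values.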
Having fixed that, we rebooted and were on our merry way. The first choice we were given was to choose between a quick install or an advanced install. Of course we chose "Advanced Install". Looking at the User Guide, there's not too much of a difference. We did get this screen:
Which deserves some explaining.
As you (probably (hopefully?)) know, system administration is moving away from ad-hoc administration of one computer at a time to managing infrastructures at a time. Citrix realizes this, and has included methods for managing your fleet of XenClient-running laptops. The primary method is XenClient Synchronizer. Let me just quote from their webpage:
Citrix® Synchronizer for XenClient™ enables laptops with XenClient to download centrally managed virtual desktops. Using Synchronizer, IT can centrally backup user data through the secure connection whenever the user connects to the internet, define security policies for managed laptops, disable lost or stolen XenClient laptops and restore a user’s virtual desktop on any XenClient based laptop.
That sounds okeydokie to me. And apparently, it's free, although I'd be really surprised if they didn't offer commercial support for it. In fact, I'm interested to see where the licensing for this whole line goes, but I'm digressing again. Back to the install...I didn't have the time to spin up a Synchronizer install, so I skipped this. When I get a spare laptop and a little time, it is something that I'm going to be testing, though.
The next step was formatting the drive on the laptop. It did warn me in big giant letters that it was destructive, and that I'd lose the data contained thereon, so that was nice, but pretty boring overall so I didn't take a picture. Following the completed install, the machine rebooted.
The boot process is nice. There's the omnipresent throbber to let you know that the machine hasn't hung, and when you finally get into the XenClient interface, it's good. It's not beautiful, but it's smooth. It reminded me of something that Apple might use, if they were into brushed stainless steel instead of white plastic. Because it's an OS designed for a laptop, it has all of the laptoppy things and user niceties that people like. You can change backgrounds, you can dictate power options, etc. Below is an embedded movie of me going through the settings in the control panel.
(there's no useful sound, so don't worry about unmuting it)
As you can see, it looks a lot like a "regular" operating system. It just doesn't do anything....except run virtual machines.
Speaking of, let's talk about that...
You'll notice on that screen that the only guests available are Windows XP, Windows Vista, and Windows 7. Funny, but I wanted to install Linux. I figured that if the virtual machine could run XP, it could probably run Linux, too, so I popped this in:
and booted it up. Sure enough, before too long...
You'll notice that it looks exactly like a native install. There is no window containing the VM. It's completely immersive, and it should be. This is going to be someone's operating system, and they don't want to have to constantly deal with the fact that it's a VM. Citrix (and your user) wants that to be a non-issue. So it is. And it's very convincing. Fortunately, they do tell you to hit ctrl-0 before the VM starts, so you can return to the XenClient interface:
We also ended up installing Windows XP, but I didn't take pics of that install process, mostly because there's no difference between it and any other OS install, except for the time.
Good lord, did it take a long time to install operating systems on this. I don't know what was wrong with the I/O, but it was _not_ good. I'm fairly sure that we enabled VT-d, but man. It took nearly an hour just to get through the "...35 minutes remaining" part of the Windows install. It won't be an issue if you've got Xen Synchronizer, since it's not using virtualized I/O at that point (and the initial XenClient install didn't take over-long), but I was not impressed with the disk performance. I didn't run any tests, but that's going to be the first thing I do when I get my own laptop to play with.
The only other oddity that we saw was that the T500's HDMI output didn't get virtualized. It's very possibly a lacking on my part to get the Xen tools installed, or something similar, but this was my result (on Mint, anyway):
I'm certain that it will get fixed (or that I'll learn how to do it), but just fair warning.
With each new guest that you install, the shortcut key increments by one. So you hit ctrl-0 to go to the "Xen Receiver" desktop, then ctrl-1 to go to your first VM, Ctrl-2 to go to the 2nd, etc etc. Here's a video of me flipping between desktops. It really feels like using a KVM (that's keyboard/video/mouse, not kernel-based virtual machine).
(by the way, if you aren't getting these videos, feel free to check out the blog entry at the Standalone Sysadmin blog)
So that's XenClient, or at least, as it stands now. The one thing that I haven't talked about is 'why'. Why would you want to do this?
There are at least a couple driving reasons.
First, security. If you run a locked-down OS for work, your computer is nearly unusable for anything else. When you're on the road, that means your only computer is the one that you're prevented from using. With this technology, you can have a second machine that has no ability to interfere with the security of the first one, and it's usable. There are some fairly hefty arguments against this particular use case, chief among them is "that computer belongs to work, and installing and maintaining an additional OS image for the sole purpose of non-work activity is a waste of resources". Honestly, it's hard to defeat that logic...
Another reason would be if you need to run legacy applications on legacy OSes. I installed Linux. XP runs fine. If your company is moving to Windows 7, but needs an app that (for whatever reason) requires XP to run, that's an option.
From a sysadmin perspective, I love the idea. I run Windows XP in VirtualBox right now. If I could use a hypervisor to give it better performance, I would, in a heartbeat. I would lose the integrated nature of the desktop, because I'd have to flip back and forth, but I expect that will change in the next couple of years, too. I imagine that eventually XenClient's desktop will become something like a compositing window manager which can display windows from all running guests. Eventually.
Anyway, that was my review of XenClient. It seems like it's going to be interesting, and I'll be watching to see how people respond. HP has already produced the first laptop designed to support XenClient, which I suspect means they had a laptop nearly ready for production which just happened to fit the requirements, but whatever.
So what do you think? Impressed? Not impressed? Tell us what you'd use it for in the comments!