XenClient: Baremetal Desktop Virtualization

So you might have read the headline and thought to yourself “I know what all of those words mean, but not in that order…”

Last week was Citrix Synergy, and annual productannoucement / cheerleading session from Citrix. (Interestingly enough, it was scheduled to overlap with EMC World, and on the opposite side of the continent, so people had to pick which to attend. That’s an interesting bit of psychological warfare, and I wonder how it affected them…anyway, end digression).

At Synergy, Citrix announced XenClient, the next logical step in the progression of desktop virtualization, namely a bare metal hypervisor.

So what is a bare metal hypervisor? Think about server-based bare metal hypervisors…ESXi, or HyperV, or maybe even KVM.

Essentially, a bare metal hypervisor is a kernel (and generally speaking, the attached very small OS) that is responsible for hardware and resource management of a computer, which it metes out to guest virtual machines that run on top of it. If you’re still struggling to tread water at this point, IBM created a longish Introduction to Virtualization that will help, while TechCollective wrote a much shorter, simpler virtualization overview that will help in a time crunch.

Previously, bare metal hypervisors had been restricted to the server space, and servers have been gearing their hardware toward it. Both Intel and AMD have been racing to add more cores per socket, and both have included on-chip virtualization features designed to make passing instructions and memory contents to VMs more efficient.

With the recent Nehalem chips, Intel has been able to release very, very high performance chips, even on laptops. The i7 / i5 chips are full of virtualization potential, but sadly, until now, they’ve had* to make due with userland virtualization solutions like VirtualBox, or if you’re in the “I like to pay for software” camp, VMware Fusion, or Parallels.
(* – Alright, so some people have gotten ESX(i) to run on laptops. That doesn’t mean it’s a good idea)

Well, now there are better (or at least, different) options.

Because of the in-processor virtualization features that it relies on, the hardware compatibility list isn’t what I would call extensive, but more laptops will be built that take advantage of these new processors, so this list will grow as time goes on.

As luck would have it, the Lenovo T500 is on the list. That laptop is the one that I decided was going to be the “fleet” laptop for the company last year. Currently, I only have 3, and they’re all in the field, but I sweet-talked one of the salesmen into letting me “borrow” his laptop for the night.

As soon as we had the laptop, my junior admin took an image of the existing OS install using Clonezilla, so we could restore the machine to good working order quickly. Once that was done, we popped in the XenClient CD and rebooted. We immediately got this error:

Well, duh. I guess I didn’t think about it, but of course we should have checked the BIOS and set those. VTx is the in-processor Virtualization Technology, and can be toggled via a setting in the “processor” screen in the BIOS. VT-d is a technology used for I/O passthrough, which helps ensure VM performance, and is set in the same place as VTx.

Having fixed that, we rebooted and were on our merry way. The first choice we were given was to choose between a quick install or an advanced install. Of course we chose “Advanced Install”. Looking at the User Guide, there’s not too much of a difference. We did get this screen:

Which deserves some explaining.

As you (probably (hopefully?)) know, system administration is moving away from ad-hoc administration of one computer at a time to managing infrastructures at a time. Citrix realizes this, and has included methods for managing your fleet of XenClient-running laptops. The primary method is XenClient Synchronizer. Let me just quote from their webpage:

Citrix® Synchronizer for XenClient™ enables laptops with XenClient to download centrally managed virtual desktops. Using Synchronizer, IT can centrally backup user data through the secure connection whenever the user connects to the internet, define security policies for managed laptops, disable lost or stolen XenClient laptops and restore a user’s virtual desktop on any XenClient based laptop.

That sounds okeydokie to me. And apparently, it’s free, although I’d be really surprised if they didn’t offer commercial support for it. In fact, I’m interested to see where the licensing for this whole line goes, but I’m digressing again. Back to the install…I didn’t have the time to spin up a Synchronizer install, so I skipped this. When I get a spare laptop and a little time, it is something that I’m going to be testing, though.

The next step was formatting the drive on the laptop. It did warn me in big giant letters that it was destructive, and that I’d lose the data contained thereon, so that was nice, but pretty boring overall so I didn’t take a picture. Following the completed install, the machine rebooted.

The boot process is nice. There’s the omnipresent throbber to let you know that the machine hasn’t hung, and when you finally get into the XenClient interface, it’s good. It’s not beautiful, but it’s smooth. It reminded me of something that Apple might use, if they were into brushed stainless steel instead of white plastic. Because it’s an OS designed for a laptop, it has all of the laptoppy things and user niceties that people like. You can change backgrounds, you can dictate power options, etc. Below is an embedded movie of me going through the settings in the control panel.

(there’s no useful sound, so don’t worry about unmuting it)

As you can see, it looks a lot like a “regular” operating system. It just doesn’t do anything….except run virtual machines.

Speaking of, lets talk about that…

You’ll notice on that screen that the only guests available are Windows XP, Windows Vista, and Windows 7. Funny, but I wanted to install Linux. I figured that if the virtual machine could run XP, it could probably run Linux, too, so I popped this in:

and booted it up. Sure enough, before too long…

You’ll notice that it looks exactly like a native install. There is no Window containing the VM. It’s completely immersive, and it should be. This is going to be someone’s operating system, and they don’t want to have to constantly deal with the fact that it’s a VM. Citrix (and your user) wants that to be a non-issue. So it is. And it’s very convincing. Fortunately, they do tell you to hit ctrl-0 before the VM starts, so you can return to the XenClient interface:

We also ended up installing Windows XP, but I didn’t take pics of that install process, mostly because there’s no difference between it and any other OS install, except for the time.

Good lord, did it take a long time to install operating systems on this. I don’t know what was wrong with the I/O, but it was _not_ good. I’m fairly sure that we enabled VT-d, but man. It took nearly an hour just to get through the “…35 minutes remaining” part of the Windows install. It won’t be an issue if you’ve got Xen Synchonizer, since it’s not using vitualized I/O at that point (and the initial XenClient install didn’t take over-long), but I was not impressed with the disk performance. I didn’t run any tests, but that’s going to be the first thing I do when I get my own laptop to play with.

The only other oddity that we saw was that the T500’s HDMI output didn’t get virtualized. It’s very possibly a lacking on my part to get the Xen tools installed, or something similar, but this was my result (on Mint, anyway):

I’m certain that it will get fixed (or that I’ll learn how to do it), but just fair warning.

With each new guest that you install, the shortcut key increments by one. So you hit ctrl-0 to go to the “Xen Receiver” desktop, then ctrl-1 to go to your first VM, Ctrl-2 to go to the 2nd, etc etc. Here’s a video of me flipping between desktops. It really feels like using a KVM (that’s keyboard/video/mouse, not kernel-based virtual machine).

(by the way, if you aren’t getting these videos, feel free to check out the blog entry at the Standalone Sysadmin blog)

So that’s XenClient, or at least, as it stands now. The one thing that I haven’t talked about is ‘why’. Why would you want to do this?

There are at least a couple driving reasons.

First, security. If you run a locked-down OS for work, your computer is nearly unusable for anything else. When you’re on the road, that means your only computer is the one that you’re prevented from using. With this technology, you can have a second machine that has no ability to interfere with the security of the first one, and it’s usable. There are some fairly hefty arguments against this particular use case, chief among them is “that computer belongs to work, and installing and maintaining an additional OS image for the sole purpose of non-work activity is a waste of resources”. Honestly, it’s hard to defeat that logic…

Another reason would be if you need to run legacy applications on legacy OSes. I installed Linux. XP runs fine. If your company is moving to Windows 7, but needs an app that (for whatever reason) requires XP to run, that’s an option.

From a sysadmin perspective, I love the idea. I run Windows XP in VirtualBox right now. If I could use a hypervisor to give it better performance, I would, in a heartbeat. I would lose the integrated nature of the desktop, because I’d have to flip back and forth, but I expect that will change in the next couple of years, too. I imagine that eventually XenClient’s desktop will become something like a compositing window manager which can display windows from all running guests. Eventually.

Anyway, that was my review of XenClient. It seems like it’s going to be interesting, and I’ll be watching to see how people respond. HP has already produced the first laptop designed to support XenClient, which I suspect means they had a laptop nearly ready for production which just happened to fit the requirements, but whatever.

So what do you think? Impressed? Not impressed? Tell us what you’d use it for in the comments!

  • Pingback: Tweets that mention XenClient: Baremetal Desktop Virtualization | Standalone Sysadmin -- Topsy.com()

  • Great review Matt – thanks for taking the time to put this together for those of us who don’t have the time to try it out.

    I’m really curious how the OS licensing works in this configuration. Since the OS is running on the local hardware, is the whole VDI “tax” eliminated? Could it even be considered valid use of an OEM license under the right conditions?

  • @Matt what about using synchronizer bypasses the virtualized IO? Under the hood its either using tap:aio (file backed) or lvm backed storage just like Classic Xen. For local storage XenServer uses LVM by default, you can switch it to “ext3” but thats just tap:aio unless my knowledge is that out of date. From what I was reading it seemed like the synchronizer would let your users work “off-line” when they get connected again the changes would be synced and any new policy enforcements you have would come down. At any rate your right its pretty HOT stuff. I think my $work laptop is on the list so I might be trying it soon as well. Are you thinking about rolling it to your users?

  • Great post! I’m trying this out on my Latitude E6410 today. I’ve got 18,000 PCs, and lots of legacy apps. This might be exactly what I need to get over the Windows 7 hump.

  • @Jeff – Thanks. I am too. I’ll be interesting to see what Microsoft does with that

    @Nick – Sorry, I should have been more explicit. The act of installing the OS will be done by Xen Receiver in communication with Xen Synchronizer. It’ll be basically transferring an image, so it won’t be subject to the I/O lag.

  • @LowLatency – Good luck! Drop a comment here and let us know how it goes

  • Matt – as always thanks for your posts. This one took you some time and I appreciate the efforts. This is one of the areas that we have been investigating of recent and you’re work will keep us more focused on what already works.

    Thanks for treading the water for us.


  • Hi Shawn, thanks for the kind words. You’re very welcome. I like playing with new technology, and it just happened to come out on a day in which I wasn’t doing too much and could stay at work until 8 or so :-)

    I’m really glad that you all got something of value from this post. It did take a little longer than normal, but I hadn’t seen too many detailed reviews of it, and wanted to at least contribute something of use ;-)

  • This is another potential solution for the typical problem of legacy and specialized apps. I’m the head of IT for a small bio-pharm company and we constantly run into issues with scientific and regulatory software that require very specific configurations – at least one government site requires IE6, while one piece of software won’t validate if you upgrade Acrobat past 8.1.4.

    If nothing else it makes for an excellent IT tool so that I can easily bring up an XP box to diagnose issues even though my primary OS is Windows 7. Plus I could install Linux on my laptop again!

  • Chaitanya Upadhyay

    During installation of the Windows guest OS, XenClient uses the emulated hardware devices rather than the para-virtual drivers that are installed inside of the Windows guest OS post installation. Post install, once you install the XenClient tools from the virtual tools CD, you will get the high-performance PV drivers, and I/O will be pretty close to bare metal performance. This is true for any type-1 or type-2 additional tools installation process.

  • DoDigaro

    Wow! This sounds like what I’ve been waiting for from virtualisation for a while now! The holy grail for me would be the OS’s having full hardware acceleration for things like 3D – I’m guessing that’s not there yet?

  • @Chaitanya

    Ah, I understand. Thanks for clearing that up, and thanks for dropping by.


    There is supposed to be graphics acceleration, although I didn’t test any of that. Since it’s in VirtualBox now, I’d be surprised if it wasn’t in XenClient, too.

  • DoDigaro

    Damn, I knew I should have taken the work laptop home this weekend :)

    At least next weekend is a bank holiday here, I’ll play with it then. Although seeing as it only has Intel onboard graphics, maybe I’ll borrow something meatier..

  • chris

    This is great news for me because i would like to maintain a single oscomments image that works on machines with different hardware. Vdi is cool but it requires a host(s) powerful enough to run all the instances. With this i can potentially take advantage of a single image and not need to buy a new host.

  • Pingback: Opensourcetutor.com()

  • Andrew Todd

    Excellent review on a topic very live in our business. I think this could be the real solution when it comes to imaging and recovery. Pity it’s still got a bit to go and will require new hardware all round.

  • Pingback: Bookmarks for May 20th through May 21st | Savage Nomads()

  • DoDigaro

    I’ve downloaded it and tried to give it a go here – it needs extremely specific hardware (maybe 10 laptops officially supported in total?), unfortunately, which includes Intel graphics, so it’s not quite what I’ve been waiting for. It’s a huge step in the right direction though!

  • I was fortunate enough to be on a discussion panel moderated by Simon Crosby (Citrix CTO) . In some discussions, we found one of the coolest things about XenClient is the potential to deliver applications to multiple form factors: cable boxes, game consoles, desktops, laptops, iPad, and cell phones and then take advantage of that form factor.

    For example, cell phones/3G laptops are location aware. You could have a location aware laptop. Imaging doing a sales call and as you open up your computer the sales CRM automatically knows your client’s location via GPS and pulls in valuable data about the location.

    While the first wave of adoption will be having your desktop on any device, the second wave will be applications that take advantage of the form factor.

  • Jim Gish

    Thanks for a good intro to XenClient, Matt. Do you know whether XenClient will install/run on other laptops not explicitly on the official list if they meet the general h/w requirements? I can understand that Citrix would want to limit the the number of machines that they actually certify and support, but I’m interested in experimenting at this point and can’t get new hardware.

  • Hi Jim,

    To be honest, I don’t know. I do know that the requirements are pretty steep, and the list of supported drivers is very small. I imagine that, like all of the other enterprise hypervisors, it’ll support more devices as time goes on. For now, your best bet would be to try it and let us all know what you find.

    That being said, I wouldn’t be surprised if there aren’t many working that aren’t listed. Good luck though!

  • The challenge with Type1 client hypervisors is the diversity and rapid evolution of end user hardware. Xen being linux based is in the typical boat of always being at least 1 step behind in hardware support – the same as all Linux OS users. So Citrix trying to certify this laptop / destkop etc as supported for XenClient is a truly brutal endeavor. When / if hardware developers deliver linux based drivers when they deliver new hardware the situation will change dramatically.

    With the rumors around Hyper-V 3.0 and the next version of Windows getting out, the client hypervisor war should become very interesting. If MS is going to offer a type 2 hypervisor on top of a very small OS (Type 1.5?) they may very quickly take control of the client hypervisor market. There is no other mainstream, end user OS where end user hardware is developed first and foremost with drivers for Microsoft Windows.

  • anyone regarding with regard to producing this particular

  • I’ve been waiting for from virtualisation for a while now! The holy grail for me would be the OS’s having full hardware acceleration for things like 3D – I’m guessing that’s not there yet?

  • Buddala Venkatesh

    Good review mutt. how you peoples are getting time to share all these experiments with screen shots, i will do lots of these type of work but lake of knowledge to share with others, can you throw a some ideas, because i want to share all my exps with others

  • Pingback: Rollatoren Test()

  • Pingback: Rollatoren: Die wichtigsten Tipps und Informationen()

  • Pingback: Rollator Rollatoren()

  • In reality the odds are very good that you will save money just on tips that you learn.

    With the Internet, instant communication between people
    far apart is possible, though that often brings about another
    set of problems. Connection standards – the supported 3G
    standards include UMTS, HSPA and HSPA+ while the 2G standards supported
    include GPRS, GSM and Edge.

  • When I initially commented I appear to have clicked the -Notify me when new comments are added- checkbox and now
    whenever a comment is added I get four emails with the same comment.
    Perhaps there is a means you can remove me from that service?

    Thanks a lot!