Desktop virtualization is not like what it sounds. It does not start with a one-by-one conversion of each user's desktop from a straightforward piece of hardware to one that runs only a virtual machine.For it to have any prospect of IT budget savings, desktop virtualization has to begin on a server, not at a physical desktop. Time and labor savings will flow from the provisioning of desktops by automated systems, under the control of IT-defined policies. A desktop virtualization system must be able to clone hundreds or thousands of desktops from a single image, and that may have to happen between 9 and 9:03 a.m.
Alternatively, it might be possible to generate 10,000 desktops, each with its own characteristics, and store them all on central servers, to be parceled out as users log in. But think of the storage costs. Poof. There go the savings.
To be able to provision 10,000 users, the provisioning system needs a server hypervisor to generate virtual machines. Then the provisioning server, usually part of a virtual desktop infrastructure, calls up the right golden image, modifies it for the user's defined group, and then populates a server virtual machine with applications to start interacting with the user. In truth, there is probably more than one golden image, but the system with the fewest golden images will be the easiest to administer.
Just think, if there were three defined sets of users at your company, what would that save, upgrading three golden images versus servicing 10,000 user machines? But this central control isn't possible without both the server hypervisor and the server-based desktop virtual infrastructure working together.
Both VMware and Citrix Systems are adding an additional element to desktop virtualization. Later this year, each will supply a hypervisor that resides on the user's machine and coordinates its activities with a central server. This is going to answer one of the riddles that has bedeviled desktop virtualization so far -- how do you unplug from the network. The unplugged machine can turn to its resident hypervisor and continue functioning.
Implementing fine-grained policies and identity management controls on the central server allows the virtual desktop to take on individual characteristics, or perhaps I should say individual group characteristics. Maybe someday the provisioning server will seize a bunch of personal settings from the identity directory and apply them to a golden image, producing a distinct, individualized virtual machine unlike any other. Until then, granting the user mobile use of a virtual desktop restores a lot of the usefulness of a user's machine
Another side to this two-tiered hypervisor approach is that the user can continue to have a personal computing environment, with all his games, personal applications, pictures, and personal data alongside the corporate virtual desktop. No longer will the two be co-dependent, with the infractions and exposures of one spilling over into the other. Virtualization, with its definitions and restrictions, will maintain an iron curtain between the two.