Microsoft has revealed a two-pronged strategy to eliminate the problem of applications that don't play nicely with its newest desktop operating systems: XP Mode for small businesses, and Microsoft Enterprise Desktop Virtualization (MED-V) for larger organizations.
The Redmond giant is clearly cheesed off that many enterprise customers have balked at upgrading to Vista because of application compatibility problems. But the process of testing applications to see if they work under a new OS – and then migrating those that do, and updating or end-of-lifing those that don't – is expensive, time consuming and resource hogging. It's understandable that many organizations have simply elected to stick with XP.
Microsoft believes that virtualization can provide a way of ensuring that its enterprise customers upgrade to Vista – and Windows 7 when it is released. It has combined its Virtual PC 2007 desktop virtualization solution with the technology it acquired from Kidaro in 2008, now called MED-V, to enable customers to run their legacy desktop apps in an XP virtual machine on their Vista desktops. The clever part is that the virtual machine is invisible to the end user, so that apps running in the virtual machine appear to be running natively on the Vista machine. They are available from the Start menu, can have tray icons, and run in windows on the Vista desktop. Users can even Alt-Tab between native apps and ones running in the virtual machine.
Business versions of Windows 7 will feature XP Mode, which will enable users to install and run applications in this way. What's different about MED-V is that it adds a centralized management system so that virtual machines running either Windows XP (SP2 or SP3) or Windows 2000 (SP4) and legacy apps can be deployed, monitored and managed for use with thousands of users in large enterprises. MED-V can also be used with Vista desktops (as well as Windows 7 when MED-V 2 is released), while XP Mode is a feature of Windows 7 only.
Rather than being released as a standard product, MED-V is part of the Microsoft Desktop Optimization Pack (MDOP) 2009, released on April 1 and available to Microsoft's Software Assurance customers.
So what does MED-V do? Essentially, it has three capabilities:
- Virtual machine image creation, storage and delivery
- Virtual machine management and monitoring
- Creation of usage policies, associated with Active Directory groups or users.
Let's take a closer look. A MED-V system is made up of a management console, from which an administrator can create and manage virtual machine images, an image library where they are stored, and a management server. There's also a small piece of client software which enables end users to authenticate themselves to the management server and download virtual machine images. The client is also responsible for managing the virtual machine session and updating and applying usage policies.
Using the management console an administrator decides which applications to make available to particular groups or users, and can also specify particular web sites which should only be viewed using an older version of Internet Explorer in a virtual machine. The management server is responsible for attaching usage policies to images at the Active Directory user or group level, and for monitoring end user usage – populating a SQL database with usage information. Policies could include the expiration date of a particular machine, or whether users can use them for short periods while offline – perhaps while traveling.
The easiest way to see how MED-V works is to look at it from the perspective of the end user, who has a Vista desktop but needs to use a version of Microsoft Word which we'll imagine is not compatible or has not been thoroughly tested with Vista and other applications running on the machine.
The first thing the user has to do is authenticate himself with a MED-V server by clicking the MED-V client tray icon and entering his Active Directory credentials. Once authenticated, the server will send him a virtual machine environment (in encrypted form), and any policy updates. If this is the first time that the environment has been run, configuration of a unique virtual machine name and joining an AD domain can be carried out automatically. Virtual PC RAM allocation is also adjusted depending on the amount available on the host PC.
Downloading can be time consuming, but is speeded up by a de-duping technology Microsoft calls TrimTransfer, which essentially only transfers blocks of data that aren't already present on the end user's drive. (The virtual machine can also be delivered manually by DVD or USB drive.)
What happens if the user is working offline? If this is allowed by policy the user can work using a cached copy of the environment. Usually a user will be restricted to a limited number of days of offline working before he is obliged to reconnect to a MED-V server to ensure that the latest policy updates are applied, and to enable user de-provisioning to take place if necessary.
Once this is complete, a new "MED-V" folder should appear in the applications list in the user's Start menu, containing the version of Microsoft Word which is to run in the virtual machine. Clicking this starts the application in a window, with a slight colored tinge around it as the only indication that it is running in a virtual machine. As far as the end user is concerned, the application runs just like any other application running on the host operating system, with a few provisos: local printing, file transfer between the virtual machine and the host, and copy and paste operations between the virtual machine and host may be prevented by policy.
An obvious question for network administrators to ask is how scalable this solution is. Microsoft says a typical MED-V management server should be able to support "thousands" of users – depending on the server hardware – while polling for policy changes every fifteen minutes and image updates every four hours. Reducing the polling frequency should enable more users to be supported for a given hardware configuration.
The only time when there are likely to be large amounts of network activity is when a new image is distributed to multiple clients in a short space of time. To cope with this the company suggests adding IIS servers as additional image delivery servers, placed behind a load balancer. Image delivery servers can also be placed in different geographical locations, using DNS to direct MED-V clients to the most appropriate server. System Center Configuration Manager, part of Microsoft's infrastructure management system, can also be used to deliver images.
Fear of application incompatibility issues makes organizations rightly nervous about upgrading desktop operating systems, while Microsoft's tendency is to push ahead with new OS products. Virtualization technologies like XP Mode and MED-V look set to emerge as the key way that Microsoft tries to solve this problem, so that companies can upgrade their desktop OSes while sticking with their older apps until they are ready to devote the resources to testing them thoroughly on the new platform.