The next step in virtualization: Virtual Computer’s NxTop

About half a year ago, I came across the website of Virtual Computer.com, where I read about a new client hypervisor called NxTop. With the release near, now is the time to report on it. The complete product consists of the NxTop Engine (the hypervisor) and NxTop Center for management. The NxTop Engine is not a desktop hypervisor that runs on top of an OS, as we know from VMware Workstation, VirtualBox, Virtual PC, etc., but is more like VMware ESXi or XenServer on your desktop PC. The desktop boots straight into the hypervisor and, just as with ESXi and XenServer, all hardware is managed by the hypervisor.

NxTop Engine Architecture


As you can see in the image above, the way NxTop works is very much like Xen, which immediately gives away that NxTop is indeed built on Xen. It has its Domain0, now called “Control Domain”, and uses paravirtualization as its virtualization technique. By using Linux drivers, a wide choice of hardware can be used, which is especially interesting in the graphics department. On YouTube (and below this post) you can find a demo that shows Doom3 being played in one VM, showing off the superb graphics performance, while Google Earth runs flawlessly in a second VM. To be honest, this is still a lab environment and 3D graphics will not be available in the first release, but graphics performance in this release is very good, and the YouTube demo shows what to expect next. I know how difficult it was for VMware Workstation and VirtualBox to deliver this kind of graphics performance, and these guys are now delivering it in their first release, although only for Intel-based graphics chipsets for now. The trick behind it is their use of Linux drivers in the hypervisor, which enables near-native performance. In my opinion this is one of the killer features that will help early adoption.

Another interesting part to look at is their “Control Domain”. This domain contains a number of separate zones. There is the Management Zone, which integrates with NxTop Center, the management environment that helps you control all clients (more on this later). There is a Driver Zone, through which all communication with the drivers runs, and, a little more interesting, the Security Zone.

NxTop Engine


Security

The Security Zone takes care of a number of tasks. It ensures a “Trusted boot”; in other words, it makes sure that the boot process hasn’t been tampered with. Should someone change the boot process in order to inject malicious drivers, the Security Zone will detect this and shut down the whole system, making it useless to the intruder.

The Security Zone also encrypts all the VMs’ disks (VHD format, soon OVF format too), making full use of the TPM chip many desktops have nowadays. This protects the data on the hard disk in case the disk gets ripped out of the desktop or laptop. The Security Zone will also handle a wipe (low-level format) of the hard disk in case the desktop or laptop gets stolen. A great feature is that at every boot, and at a regular interval set by the admin, NxTop will try to call home over any available connection and check with NxTop Center for updates or other messages. One of those messages can be the signal that the system has been stolen or reported missing and that the disk should be wiped, just like with BlackBerries or Windows Mobile phones.
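How a TPM can tie the disk key to an untampered boot, as an added example that is not Virtual Computer's code: the page does not describe NxTop's actual mechanism, so this shows the general measure-then-seal pattern. `ToyTPM`, the stage names and the `vhd-key` handle are hypothetical, and the stage contents are constructed.

```python
import hashlib
import hmac

class ToyTPM:
    """Software stand-in for one SHA-256 PCR plus seal/unseal (not a real TPM API)."""

    def __init__(self):
        self.pcr = bytes(32)      # PCRs reset to all zeros at power-on
        self._sealed = {}         # handle -> (required PCR value, secret)

    def extend(self, component: bytes) -> None:
        # PCR_new = SHA256(PCR_old || SHA256(component)); a PCR cannot be set directly
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def seal(self, handle: str, secret: bytes) -> None:
        # Bind the secret to the PCR value of the current (known-good) boot
        self._sealed[handle] = (self.pcr, secret)

    def unseal(self, handle: str) -> bytes:
        required, secret = self._sealed[handle]
        if not hmac.compare_digest(required, self.pcr):
            raise PermissionError("PCR mismatch: boot chain was modified")
        return secret

    def reset(self) -> None:
        self.pcr = bytes(32)      # models a reboot; sealed blobs persist

def boot(tpm: ToyTPM, chain: list) -> str:
    """Measure each stage before it would run, then try to release the disk key."""
    tpm.reset()
    for stage in chain:
        tpm.extend(stage)
    try:
        tpm.unseal("vhd-key")
        return "unlocked"
    except PermissionError:
        return "halted"           # the page's behaviour: shut the system down

# Constructed stages standing in for bootloader, hypervisor and a driver
GOOD_CHAIN = [b"bootloader-v1", b"hypervisor-v1", b"nic-driver-v1"]
TAMPERED_CHAIN = [b"bootloader-v1", b"hypervisor-v1", b"nic-driver-v1-modified"]

def demo() -> tuple:
    tpm = ToyTPM()
    for stage in GOOD_CHAIN:      # provisioning boot: measure, then seal
        tpm.extend(stage)
    tpm.seal("vhd-key", b"constructed-disk-key")
    reordered = [GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]]
    return boot(tpm, GOOD_CHAIN), boot(tpm, TAMPERED_CHAIN), boot(tpm, reordered)
```

Because each extend hashes the previous PCR value, changing or reordering any stage changes the final value, so the key stays sealed.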

The fourth zone inside the Control Domain is the Backup Zone. This is used, I bet you guessed it already, for backups, but also for working with delta disks and with the specific user data disk. More on this later in the management part. The last zone is the ISV Zone, which will offer integration for independent software vendors. A good example would be some kind of anti-virus software running at hypervisor level instead of inside the guest OS, just like VMware’s VMsafe.

Working with VM images and deltas

What I like about NxTop is how the mobile worker has been a central part of the design of the hypervisor and the management around it. Typical for a mobile worker is that one minute he is there and the next he is gone. No time to wait for that 1 GB update to come down the line; there is a 2 o’clock appointment that has to be met, and the mobile worker doesn’t want to wait for some stupid software download.

Guest layers


In NxTop a virtual machine is split into a number of disks. First there is the System disk, which holds the OS and the set of applications. Next there are the Local disk and the User disk. The System disk is self-cleaning at each reboot, which protects it from changes. The Local disk holds non-backup user settings and per-session system settings. The User disk holds the real user data and all customizations the user makes. By splitting the disks in this way, it is very easy to update the OS without touching user settings.

With NxTop, changes to or updates of the System disk are deployed as delta blocks over an SSL connection. Before downloading, the delta between the image on the desktop and the master image is calculated, and only this delta is downloaded and applied to the desktop image. When the client connects to the NxTop Center server (the management server), it starts receiving updates, and it is no problem if the client disconnects in the middle of a transfer. Next time, the download will simply continue. This offers great flexibility and has the least impact on the user.
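The delta-and-resume idea described above, as an added example that is not NxTop's code: it assumes fixed-size blocks compared by SHA-256 and equal-sized images, and all function names and sample images are constructed for illustration. Each received block is verified against the master manifest before it is written.

```python
import hashlib

BLOCK = 4  # bytes per block; tiny so the constructed images stay readable

def manifest(image: bytes) -> list:
    """SHA-256 of every fixed-size block, in order."""
    return [hashlib.sha256(image[i:i + BLOCK]).hexdigest()
            for i in range(0, len(image), BLOCK)]

def compute_delta(client_manifest: list, master: bytes) -> dict:
    """Server side: only the master blocks whose hash differs from the client's."""
    return {idx: master[idx * BLOCK:(idx + 1) * BLOCK]
            for idx, digest in enumerate(manifest(master))
            if client_manifest[idx] != digest}

def apply_delta(local: bytearray, delta: dict, master_manifest: list,
                done: set, budget: int) -> int:
    """Client side: apply at most `budget` blocks, then stop (a dropped link).
    `done` persists between sessions, so the next call resumes where this ended."""
    applied = 0
    for idx in sorted(delta):
        if idx in done:
            continue
        if applied == budget:
            break
        block = delta[idx]
        # Verify every block against the master manifest before writing it
        if hashlib.sha256(block).hexdigest() != master_manifest[idx]:
            raise ValueError(f"block {idx} failed verification")
        local[idx * BLOCK:(idx + 1) * BLOCK] = block
        done.add(idx)
        applied += 1
    return applied

# Constructed images of equal size (assumption: the System disk has a fixed size)
LOCAL = b"AAAABBBBCCCCDDDDEEEE"
MASTER = b"AAAAbbbbCCCCddddeeee"

def demo() -> tuple:
    local, done = bytearray(LOCAL), set()
    delta = compute_delta(manifest(LOCAL), MASTER)
    first = apply_delta(local, delta, manifest(MASTER), done, budget=2)    # link drops
    second = apply_delta(local, delta, manifest(MASTER), done, budget=10)  # resumes
    return len(delta), first, second, bytes(local) == MASTER
```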

Also typical for the mobile worker is that the type of connection can change every time he connects. Yesterday it was a normal LAN connection at the office, today he is sipping one of those great cappuccinos at Starbucks and using the free Wi-Fi to do some work, and tomorrow he’ll be sitting in the park using a 3G connection. If you want to be a success in the field of client hypervisors, you will have to make the mobile worker happy and let him work the way he used to. With NxTop supporting 3G USB devices and wireless network cards, I think they have another killer feature to make a great start in this field. At first only Intel chip-based cards are supported, but I expect others will follow soon.

NxTop


Management through NxTop Center

This last part might be a bit of a letdown for the folks at Virtual Computer, since they worked so hard on NxTop Center to make it look good, but I’m not going to write very much about it. To me the most surprising and revolutionary part of the NxTop product (NxTop Engine and NxTop Center) was the client hypervisor. The management part is something that has to be there, has to work well and has to offer nice features, but it is not part of the revolution; the real change lies in the NxTop Engine. Let me emphasize that NxTop Center is good and works well, and you should definitely contact Virtual Computer to learn more about it. I also expect you, the reader, to see the potential of the NxTop Engine thanks to this blog post, understand the technique underneath and start thinking about how it would fit into your organization.

I will limit the review of NxTop Center to a list of some of the features and a few screenshots. For more detailed info, contact Virtual Computer through their website: http://www.virtualcomputer.com.

Features of NxTop Center

-          Policies on the VMs, which enable you to:

  • define expiration of the image
  • define which types of USB devices are allowed
  • force backups to NxTop Center
  • use Lock Out to force people to connect to NxTop Center daily, weekly or monthly
  • use OS profiles to preserve anti-virus updates, Windows updates, Windows Search updates, Flash Player, etc.

NxTop Center policies

-          Which VM is allowed to connect to what type of networks

-          Manage users and groups and assign VMs to users and groups

-          Manage multiple versions of a VM

NxTop Center multiple OS versions

-          Specify hardware requirements

NxTop Center specific hardware requirements for the VM

-          Not only deploy full VMs but also applications

NxTop Center Applications

-          Remotely manage computers, diagnostics and remote control

NxTop Center Remote management

-          Two licensing models will be available:

  • 5-20 users, for which you pay per PC per month
  • or traditional licensing per PC including maintenance

-          Building VMs is done on the NxTop Center server using the Microsoft Virtual Server engine. The use of Microsoft Virtual Server makes the NxTop Center server unsuited for running on top of a hypervisor like ESX, XenServer or Hyper-V. Virtual Computer is working on a version that can run inside a VM.

Some YouTube videos about Virtual Computer:

http://www.youtube.com/watch?v=6pqPWTPC7iM
http://www.youtube.com/watch?v=1O8rdpWPkzI