RingCube brings 'containers' to the client

Operating-system virtualization, often called "containers," hasn't captured the limelight the way virtual machines--which can be thought of as hardware-level virtualization--have. However, they've proven popular on servers, for which low overhead trumps everything else; hosting providers are perhaps the canonical example. Parallels' Virtuozzo and Sun Microsystems' Solaris Containers are probably the two best-known examples.

Now RingCube is bringing a form of containers to the desktop.

First, here's a little background on the basic approach. Most operating systems have the ability to group processes (essentially executing programs) into higher-level constructs such as "workloads" or "applications." Containers build on this group concept by further isolating them from each other using techniques first seen in BSD Jails.

From the perspective of something inside a container, the container is a complete operating system and server, even though it has access only to a fraction of the available hardware resources--just as with a virtual machine.

However, unlike a virtual machine, a container replicates only a small subset of the operating system--mostly the libraries or writable data structures that can differ from one operating-system instance to another. For the most part, the containers running on a physical server share a single copy of the operating system--unlike with virtual machines, which each have a complete independent copy of an operating system.

Containers are, in a sense, just a trick to isolate workloads within a single copy of an operating system. This means that containerized applications generally perform as if they were running natively rather than virtualized. Virtual machines work by introducing a layer of abstraction between "guest" operating systems and the host.

There's a lot of work going on in the industry to reduce the overhead that this abstraction introduces, but it can still be significant for certain workloads. (A research note that I wrote about 18 months ago, "The Server Virtualization Bazaar, Circa 2007," goes into a lot more detail about the various forms of virtualization.)

RingCube's VDesk takes a similar approach but applies it to different ends, something the company refers to as a "virtual workspace." The basic idea is to create a managed, secure image within an existing Windows environment on the client.

A common use would be to control the environment from which an employee or contractor accesses a corporate network, even when using a personal PC. (This is a nascent but increasingly discussed trend.) VMware's ACE tackles the same problem using virtual machines based on technology from VMware workstation.

VDesk is about a 40-megabyte chunk of code that installs into an existing copy of Windows on a client. An IT department can (and should) set certain security policies about the client operating system. For example, it can require that antivirus software be installed. Currently, VDesk supports Windows XP; Vista support is coming in the first half of this year.

Users then can log into VDesk and have a centrally managed and updated environment provisioned to their PC. VDesk offers several different deployment modes, including MobileSync, which offers offline use and synchronization for notebook users.

Relative to using virtual machines, VDesk has two big selling points. The performance overhead is slight; the company claims 99.8 percent of host performance. By contrast, virtual-machine overhead (especially with a hosted hypervisor approach, as is currently used on desktops) can be significant, especially if there is a lot of disk or graphics activity.

In addition, there is no guest operating system to add to the base operating system installed on the client. This may not always matter--depending upon volume licensing agreements and the like. However, especially if the PCs are owned by a third party, it can reduce costs by only having to provision them with VDesk (and, possibly, management-related components from RingCube partners) and not Windows.

RingCube plays into a number of interesting marketplace trends. It highlights that virtualization is about many things, not one. It also emphasizes how some corporations are looking to take advantage of PCs that employees or contractors often already have while maintaining critical security and access controls to their networks and applications.