VDI (virtual desktop infrastructure) is one of the hottest technologies going, and there are nearly as many ways to deploy it as there are companies providing the solutions. Some VDI solutions are server-based, running on "big iron" in a data center like their virtual server cousins. Other VDI implementations run on the client, using either a bare-metal hypervisor (aka Type 1 virtualization) or a host-based hypervisor, which runs on the host operating system as an application (Type 2 virtualization). Each method fits a specific use case, and the various options available allow IT organizations to choose the solution that best meets their needs.
Regardless of how VDI is done, centralized management of operating systems and applications is the goal. Admins can define "golden images" that all virtual desktops are based on to keep the user experience consistent. Golden images also allow admins to quickly spin up a new virtual desktop in case of corruption or virus infection. Security is another important benefit. With hosted VDI, no data ever leaves the data center. Through the use of security policies, administrators of client-hosted VDI can have virtual machines expire after a specified time, helping to prevent data leakage.
Further, while server-hosted VDI solutions provide access to virtual desktops through Web browsers, software applications, and even mobile apps, some of their client-hosted counterparts are beginning to provide this kind of flexibility. That's the case with MokaFive Suite, a client-hosted or "offline" VDI solution that supports Windows and Mac endpoints and provides a way for iOS users to securely access Windows shares.
Virtual desktops, three ways
MokaFive Suite includes a Type 2 hypervisor based on VMware Player; a Type 1 hypervisor based on Xen; a centralized server (Management Server) for user, policy, and virtual machine management; and a stand-alone application (MokaFive Creator) based on VMware Workstation for virtual machine image (LivePC) creation and maintenance.
Two other components are optional: Application Gateway is needed only for users connecting from outside the corporate network boundary, while File Gateway is needed only for iOS device support. All server components require Windows Server 2008 SP2/R2 64-bit, which can itself be virtualized on VMware ESX. MokaFive Suite integrates easily with Active Directory.
My test configuration consisted of two Windows Server 2008 R2 machines (Management Server and File Gateway) hosted on VMware ESX 4.1. I didn't deploy the Application Gateway because all user access was done from inside my test domain. I installed MokaFive Creator on a Windows 7 desktop, the MokaFive Player Type 2 hypervisor on Windows XP and Windows 7 desktops, and MokaFive for iOS on an iPad 2. MokaFive Creator is a Windows-only application, while the MokaFive Player is available for both Windows and OS X 10.6 and 10.7 (Snow Leopard and Lion respectively).
What's your Type?
IT can deploy MokaFive Player on an existing operating system, or they can install the MokaFive BareMetal Player on bare metal. The bare-metal deployment is best for corporate-owned equipment because it replaces any existing host OS (no dual booting allowed) and eliminates the usability and performance overhead of running the virtual desktop as an application. A unique deployment method is MokaFive's Portable Player, which can run LivePCs directly from a USB device. Performance isn't the greatest, but it leaves no traces behind on the host OS. I successfully installed and ran LivePC images from a run-of-the-mill 4GB thumb drive without any issues.
The installation of the Management Server was relatively easy, and my server was up and running in about one hour. The initial configuration of the Management Server consisted of entering licensing information and connecting to Active Directory. The next steps involved importing a Windows 7 Professional LivePC supplied with my installation package and creating a user group for my remote users. I was able to easily add users from Active Directory into my test group and assign LivePC images to them. MokaFive also allows for local user account management.
Deploying the first LivePC is a multistep process. First, MokaFive Creator must be installed and the LivePC image created. Then you'll need to create Domain Join packets, which contain domain-specific information that your LivePCs will use to become part of the domain. This allows users to load a new LivePC image and not worry about joining the domain on their first boot. Once a LivePC image is bound to a set of Domain Join packets, end-users can begin downloading the bundle to their PC or Mac. I targeted my LivePC image at the test group, effectively assigning it to any member of the group.
Creator is where admins will spend much of their time, updating OSes, installing applications and managing LivePC versions. Unfortunately, if IT needs to update any of the wide range of included policies, it has to leave Creator and log into the Web-based UI of the Management Server. MokaFive provides an extensive list of policy options for Players and LivePC images, as well as more than 30 policies for controlling access to published file shares from iOS devices. Admins can define policies to control resource utilization, access to USB sticks and other peripheral devices, encryption and virus scanning, whether users can cut and paste between VMs and the host, and how long a LivePC may be disconnected from the Management Server before locking out the user, to name a few.
The large number of policies available allows for very granular control over the whole MokaFive environment. I only wish that Creator was unified with the Management Console, creating a one-stop shop for all management features.
For end-users, MokaFive Player runs on both Mac and Windows devices. It installs quickly and will automatically download a LivePC image based on the user name and group affiliation. For instance, I created a "trial users" group as well as an "R&D" group and assigned two very different LivePC images to each. Depending on who I logged in as, the correct LivePC was pushed to me.
A layered approach
MokaFive uses a layering technique on each LivePC image to keep user, application, and operating system data from mixing. This allows IT to update the virtual desktop's OS and push out the changes without overwriting any end-user data. Similarly, applications live in their own virtual disk, so they too can be manipulated by admins without affecting the LivePC's OS or user information.
MokaFive for iOS is an interesting take on providing secure, controlled access to company data shares for devices running iOS 5.0 or later. The MokaFive for iOS app creates a secure "bubble" through which the end-user can access remote Windows file shares. The bubble is subject to various policies just like LivePCs, such as remote kill (useful for a lost or stolen device), so IT still maintains control over corporate data. MokaFive for iOS does require an additional server, the File Gateway, and an SSL connection, but installation is easy and I had my iPad 2 connected to a handful of Windows shares quickly. The iOS application is available via the iTunes Store. Note that MokaFive for iOS only provides access to the files, not a way to view or edit them. Users will need a separate app for that.
Overall, MokaFive Suite is an excellent choice for secure, controlled virtual desktops. The Type 2 hypervisor option allows for less intrusive installations on end-user-supplied hardware, while the availability of a Type 1 hypervisor for company-owned hardware eliminates performance and security concerns. While I'm not a fan of managing the suite from both MokaFive Creator and the Management Server, both applications are well laid out, intuitive, and easy to follow. The iOS support provides secure yet managed access to corporate data, giving i-device users easy access.
MokaFive Suite 3.10 at a glance
| Pricing | Starts at $150 per user per year; MokaFive for iOS licenses start at $50 per user per year. |
| Host platform support | Server components require Windows Server 2008 SP2 or R2 64-bit; server can run in VMware ESX 4.x virtual machine. MokaFive Player Type 2 client available for Windows and OS X 10.6 or 10.7; MokaFive for iOS supports iOS 5.0 or later. |
This article, "Review: VDI tailored to BYOD," was originally published at InfoWorld.com.