Another compelling feature is Kidaro’s Trim Transfer Technology. Essentially an intelligent streaming mechanism, Trim Transfer addresses one of the most challenging aspects of virtual desktop deployment: transferring massive VM images to multiple end points. By leveraging existing code resources on the host client (DLLs, EXE images), Trim Transfer dynamically adjusts the VM image, stripping out redundant components and using the host’s resources to fill in the gaps. The final VM image is verified against a unique cryptographic signature.

Click for larger view.

Depending on the degree of similarity between VM and host (whether they’re the same Windows version or revision, for example) Trim Transfer can drastically reduce the network load during VM deployment. It also makes slipstreaming upgrades or patches easier since the administrator needs to modify just the source image. Trim Transfer then seamlessly filters the changes down to the affected clients using the same dynamic assembly process. Right now it’s a Kidaro exclusive and, thus, a huge differentiator in what will likely become a crowded management market.

I tested Kidaro Managed Workspace on a Kidaro-provided ThinkPad laptop running Windows XP Professional. The Kidaro Management Server, which was installed within a Virtual PC VM, uses Windows’ IIS (Internet Information Services) to communicate with the Kidaro client agent and supports most standard firewall and proxy server scenarios. I found the Kidaro Management Console easy to navigate, with most functions clearly labeled. Tight integration with Microsoft Active Directory made it simple to correlate Kidaro VM images with specific organizational units and to apply policies using the existing Active Directory model.

A major concern with this sort of deployment model is the security of the offline image. Kidaro addresses this by encrypting both the local VM image and any files that are extracted from the image to the local host environment (assuming this functionality is enabled in the VM’s policy). AES (Advanced Encryption Standard) encryption keys are generated transparently by the Kidaro server and stored locally at the client. For network security, the Kidaro client runs its own private firewall within a dedicated virtual appliance, further isolating the Managed Workspace from the network.

Other interesting features include a USB key deployment option, in which you copy the VM to a USB key for plug-and-play distribution; a “revertible” mode, in which the VM rolls back changes at log-off with selective overrides for user folders and registry customizations; and various timeout/lease revocation options to deny access to the Managed Workspace after a configurable period of time.

Overall, Kidaro Managed Workspace is a compelling solution, one that leverages unique innovations including Trim Transfer and seamless application integration to effectively mitigate many of the major factors inhibiting widespread VM adoption.

Sentillion vThere 2.0
Like Kidaro’s namesake product, Sentillion’s vThere is a management solution for virtual machine clients. Its purpose is to make configuring and deploying virtual desktop images easier by wrapping the VM with an additional layer of management. It differs from Kidaro in its inclusion of a hosted component, vThere.net, and its use of a customized version of Parallels Workstation for Windows as the runtime engine. In contrast, Kidaro works with VMware and Microsoft Virtual PC images.

The hosting angle is a major differentiator for vThere. Customers can upload their customized VM to the vThere.net site and use it as a secure reference point for user/VM authentication and VM validation, distribution, and security. Outsourced hosting of applications is nothing new (think Salesforce.com); however, this is the first time I can recall a vendor offering such a service for virtualized desktops – the various server-based Citrix/Terminal Services hosting providers notwithstanding.