For Part II of my Synergy solutions review I’m going to take a look at the much-anticipated BareMetal platform that MokaFive launched at last month’s Citrix Synergy.
BareMetal is the last part of the MokaFive Suite (reviewed here) and MokaFive’s answer to the type 1 client hypervisor offerings from Citrix and Virtual Computer. BareMetal is a special-purpose virtual desktop execution environment that is installable directly on the bare metal of a desktop PC or laptop, replacing the native operating system. BareMetal integrates the MokaFive Player with a hardened Linux-based OS. This provides MokaFive customers with the opportunity to deliver endpoints that have no more management overhead than typical thin-client devices, while retaining the performance benefits of local desktop execution.
To be clear, BareMetal is not a type I hypervisor. Instead it is better thought of as a hardened Linux OS, stripped of all unnecessary components and integrated with the MokaFive virtual machine player type II hypervisor and supporting management services. There are significant architectural differences between BareMetal and a type I hypervisor but they both achieve the same result – the ability to host multiple guest operating systems on a secure computing platform. MokaFive’s BareMetal architecture does offer one significant advantage in that its Linux base enables it to deliver cross-platform hardware compatibility without having to address the challenges of developing custom device drivers to support the many thousands of different physical devices seen in existing desktop and laptop PCs. The key question then is not “Is this a true type I hypervisor?”, but “Does MokaFive BareMetal fulfill the primary requirements needed to provide an effective platform on which to build a desktop virtualization environment?” What this ultimately comes down to is how BareMetal fares against the following criteria:
- Extensive hardware compatibility list
- Near native performance
- Multi-platform support
- Management
- Security
Extensive hardware compatibility list
MokaFive does not publish a hardware compatibility list for BareMetal, instead offering a blanket assurance that it expects most hardware that meets the required minimal specification to work. Given the number of systems on the market today, it would be all but impossible for MokaFive to maintain its own hardware compatibility list. However, given that the Linux base and the hypervisor are in the same address space, which allows the BareMetal Player to leverage the broad base of Linux drivers, it is reasonable to assume that BareMetal should run without problem on almost any desktop PC. Laptops, though, should be treated with more caution. Base-level compatibility should not be a problem; however, niche devices, for example the media player functions offered on some laptop keyboards, may not work as expected. What is important to note, though, is that support for sleep/hibernate services, which is a significant technical problem for a hypervisor to solve, does not appear to present a challenge for BareMetal.
MokaFive BareMetal can be installed on any PC with a minimum of 2 GB of memory and a 64-bit x86 processor (BareMetal does not require either Intel VT or AMD-V). In theory, this means that it is possible to install BareMetal on a MacBook, although in MokaFive’s case there are other less restrictive ways of getting Windows onto a MacBook.
Near native performance
Desktop system processors tend to be over-specified for most general-purpose tasks, so in many respects the raw performance of a client-side virtualization platform is less important than that of a server hypervisor. Having said that, a client hypervisor must not degrade overall system performance to the extent that it becomes noticeable. Hands-on testing of BareMetal on a 3-year-old Intel Core 2 Duo E8400 with 2 GB of memory and an integrated graphics processor showed that user experience was indistinguishable from native for all mainstream office activities. Testing with PCMark 7 showed a creditable 3% drop in its overall score from Windows 7 on bare metal to Windows 7 on BareMetal.
Raw system performance aside, BareMetal does excel in other areas of performance. The system boot time is astoundingly fast, allowing for startup from cold in less than 15 seconds on a reasonably specified PC (by comparison, Google claims an 8-second time for its new Chromebooks). BareMetal has also been optimized for high-speed SSD drives, with a disk format optimized for read/write performance and native TRIM support to ensure optimum performance and SSD lifespan.
Multi-platform support
Given that the primary purpose of all desktop virtualization solutions is to provide a desktop management platform, the key requirement is that adequate support for Microsoft Windows is provided. To this end the MokaFive Player can support Windows XP 32-bit, as well as Windows 7 32-bit and 64-bit desktops. Unlike some VDI platforms, MokaFive does not yet offer support for Linux-based desktops, but given that this is of limited value to most enterprise customers, it is hardly a priority.
Management
Virtualization is not a goal, it is just a means to an end. And what we want to do is desktop management.
- Purnima Padmanabhan, Vice President of Products and Marketing, MokaFive
MokaFive BareMetal extends the existing management services provided by MokaFive Management Server, which I have covered in more depth in my earlier review of the MokaFive Suite. Prior to the release of BareMetal, the MokaFive Suite was capable of provisioning and managing a standard Windows image as either a guest running on the MokaFive Player type II hypervisor or off a USB flash memory stick. This provided an effective means of delivering a standard Windows desktop image as a guest operating system on personal or contractor-owned laptops, as well as providing a means of managing a Windows image on enterprise-owned Apple PCs, but was not ideally suited to enterprise deployment on standard Windows PCs as it had no means of managing the underlying host operating system. BareMetal overcomes that weakness by doing away with the Windows host and providing its own endpoint management tools to provision and support the endpoint directly.
Security
Security is always an area of contention in virtualization circles, and MokaFive’s approach is sufficiently different to the conventional Type I and Type II hypervisor to make it easy to cast doubt on the approach taken with BareMetal. FUD aside, it has to be noted that a hypervisor by itself does not confer security (in many respects the presence of a hypervisor can make identification of certain types of malware more difficult, the Blue Pill malware package being a case in point here). At the same time though, MokaFive’s use of a hardened Linux operating system does not grant it any unique protection either. This does not mean that MokaFive has not taken security seriously. MokaFive offers built-in AES-256 encryption coupled with an automatic security lock of laptop images and the ability to remotely wipe lost or stolen laptops to further improve security. One often-cited measure of the potential to subvert a hypervisor is the size of the “attack surface”. In this respect, MokaFive claims that the attack surface of BareMetal is of the same order as that of a type I hypervisor (about 350 MB). MokaFive has not released the detail of the base OS used in the BareMetal Player, other than to confirm it is a Linux variant. Potential customers who would prefer the greater assurance that visibility brings may find this lack of disclosure an area of concern, although having said that, VMware has also been less than forthcoming over the Linux underpinnings in ESX/ESXi.
Summary
BareMetal is a very big deal for MokaFive. MokaFive is unique in offering a complete single-image desktop management solution that can be deployed locally on any desktop regardless of the platform or ownership of the device. MokaFive Suite used to be a niche tool that enterprise IT might use to deliver a Windows desktop to otherwise unmanageable endpoints. BareMetal reverses this position: MokaFive Suite can now be considered a full enterprise desktop management service, and a direct competitor to the more established VDI solutions. This does not mean that MokaFive can afford to rest on its laurels; there is still more that must be done to offer a comprehensive user-centric experience. Fortunately for MokaFive, its relationship with Quest brings with it many of the missing pieces. The key here is for MokaFive and Quest to manage their relationship as effectively as Citrix and Microsoft have in the past, building on each other's strengths and minimizing areas of potential conflict.












[...] Source: http://blog.simonbramfitt.com/2011/06/mokafive-baremetal-platform-released/ [...]