As I discuss multiple security alternatives for enterprise desktops with clients, one of the options that must be discussed is the use of server-based computing and terminal services, also referred to by vendors as “presentation virtualization”. One of the questions that comes up is: “Are terminal services really a form of virtualization, or are vendors just calling this ‘presentation virtualization’ to take advantage of the industry hype around anything to do with virtualization?”
At its most fundamental level, virtualization is a layer of abstraction between a resource and something that consumes that resource, decoupling these in a way that neither the consumer nor the resource has to know they are being decoupled.
With “presentation virtualization”, the layer of abstraction is between the Windows eventing system (the resource) and the Windows application (which consumes and processes the events). The most relevant events in this case are keystrokes, mouse clicks and video updates – let’s start there.
By inserting a layer of software, we can capture the relevant events in both directions and decouple the linkage so that the application can be run by a keyboard, mouse and video system located elsewhere. A network-based protocol (like ICA or RDP) is used to carry the KVM information between the physical KVM and the application. Since the abstraction separates the consumer and resources across a network connection, the abstraction takes two pieces of software that work together – in this case, the terminal services software running at the server and the ICA/RDP client running at some type of client device.
The setup delivers what most people consider to be examples of what virtualization enables:
- The application (say Excel) doesn’t know that the user (KVM data) is no longer directly attached.
- The physical keyboard, video and mouse systems don’t know that the application they are using is no longer necessarily local.
- The application could be changed out (say to a new version of Excel) and nothing has to change.
- The keyboard could be replaced and nothing has to change.
- One KVM system could drive multiple copies of the application (as is used in training/classroom scenarios).
- One application could be driven by multiple mice/keyboards (this happens when the technology is used for remote support by the help desk, for example, but can be quite confusing if the user isn’t expecting this!).
The ICA/RDP (and other) software and protocols have evolved and can now virtualize more than just KVM. They can also do the same for USB, printers, CD-ROM and other interfaces. The principle is exactly the same. It would be more accurate to call this “user interaction virtualization”, but “presentation virtualization” is close enough and is the term the industry has settled on.
If we simply virtualized the user interface as described above, this would be useful in and of itself – say for help desk support or for people to remotely access their desktops. But terminal services and Citrix go farther. Perhaps what is confusing people is that in conjunction with the user interface virtualization, terminal services / Citrix also create the illusion of multiple copies of Windows desktops running on a single copy of Windows. This in and of itself is a form of OS virtualization, similar to what Solaris Containers or Virtuozzo does, but TSE/Citrix focuses more on the end-user workspace experience. So it is more accurate to describe terminal services/Citrix as a combination of virtualization solutions that a) creates the illusion of multiple desktops on a single copy of Windows *and* b) virtualizes the user interaction as well, so everyone doesn’t have to be directly and physically attached to the server.
In any event, I believe it is a form of virtualization – albeit one that has been around for more than a decade.
Semantics aside, why do you care? As you consider your enterprise strategy for desktop virtualization and securing these assets, understand there are multiple types of desktop virtualization available on the market today – including full OS virtualization, workspace virtualization, application virtualization, “presentation virtualization” (user interaction virtualization) and more. Each has its uses, pros and cons. In fact, these types of virtualization should be able to be mixed and matched as needed to create a manageable and secure composite workspace appropriate to the user’s needs and the sensitivity of the data and application being hosted.