Virtualization Report Talks with Kidaro’s CEO

analysis
Nov 5, 2006

Last week, the Virtualization Report broke the news about Kidaro’s new product, Kidaro Managed Workspace. Since then, I have had the opportunity to speak with the company’s founder and CEO, Ran Kohavi. I wanted to find out more about the company’s product, and so, Mr. Kohavi agreed to the interview.

Virtualization Report: I’m interested in your Trim Transfer. It sounds unique. Can you tell us more about it? How does it reduce network bandwidth?

Ran Kohavi: This technology is indeed unique to Kidaro, and addresses one of the key challenges of applying virtualization to desktops today: the network bandwidth required to transfer a full virtual machine.

Kidaro is the first vendor that applies delivery methods that are targeted at virtual machines from day one, and are not derived from generic delivery mechanisms.

Kidaro Managed Workspace’s Trim Transfer technology dramatically accelerates deployment speed and reduces the network bandwidth needed to transport a prepackaged workspace to multiple end-users by an average 90% — no matter which connectivity method is used.

Kidaro completely eliminates the usual, full virtual machine image-transfer process. Trim Transfer technology is applied for every deployment: from the initial deployment of a new, prepackaged workspace to a future patch or update.

Trim Transfer uses a set of proprietary, patent-pending algorithms to send the minimal data needed to recreate an exact copy of the prepackaged workspace on the client machine.

Trim Transfer works in three phases:

Phase 1. Most information required for a virtual machine image already exists on the client. Trim Transfer leverages this fact to eliminate any redundant transfers. At the server, Trim Transfer breaks the image into tiny bits of data, called “grains”. The Trim Transfer agent then scans the client, looking for only those grains required for the virtual machine image, and removing pre-existing grains from the transfer. For example, if a virtual machine running Microsoft Windows XP is deployed to a client that runs a local copy of Windows XP, Trim Transfer will automatically remove all the redundant Windows XP grains from the deployment stream, dramatically reducing the amount of information and transfer time.

Phase 2. Trim Transfer streams the required grains in compressed form from the server to the client. Trim Transfer automatically tunes each client’s bandwidth consumption during delivery to match available network bandwidth.

Phase 3. Trim Transfer recreates an exact copy of the virtual machine image on the client machine and verifies its integrity against a set of cryptographic signatures.

Trim Transfer technology can be used over any network, inside or outside the enterprise perimeter. IT can choose standard HTTP sessions or can require an authenticated, secured, and encrypted transfer (e.g., over SSL). A standard web server (IIS or Apache) is used for Trim Transfer; no additional software or modules are required. By using standard web-server architecture, Kidaro ensures high scalability and fault tolerance. The result is a background deployment process that is quick, bandwidth efficient and transparent to the user.

VR: Since it leverages existing virtualization technologies, how does the performance compare with this solution to using a virtualization platform and a VM natively?

Kohavi: Kidaro is built on top of standard virtualization engines and supports VMware Player, VMware Workstation, Microsoft Virtual PC. Hence Kidaro’s performance is the same as the virtualization engine. Kidaro does not add any overhead or additional layer of virtualization. On the contrary, when packaging the virtual machine, Kidaro automatically applies some mechanisms to reduce virtual machine load time and to minimize memory consumption.

VR: Is this a Windows platform only? Or does it also work on Linux?

Kohavi: Kidaro supports all Windows versions from 2000 and up. There is no technological barrier that ties the solution to Windows platforms, but Kidaro currently focuses on Windows as the initial market, since it is by far the most dominant platform in enterprise desktop computing. Linux support is on our roadmap.

VR: Any interest in supporting other virtualization platforms such as Xen or VMware ESX in the future?

Kohavi: We currently support all client versions of VMware and Microsoft Virtual PC. Vista will be supported soon. Since Kidaro is a desktop solution, there is no need to support VMware Server or ESX platforms. Our product is not vendor-specific and we will add support for additional virtualization platforms continually.

VR: Are there any hardware requirements to be aware of? Or can it work on any machine that can run a virtual machine in one of the already discussed platforms?

Kohavi: There are no special requirements beyond those of the virtualization engine. From our experience with existing desktop models, CPU is not an issue, and 512Mb RAM is sufficient in most cases.

VR: Who are your competitors? Is Moka5 a competitor? And how do you differentiate yourself?

Kohavi: As far as we know, the only vendor that has a similar offering may be vThere (business unit of Sentillion), focusing on a remote-access solution based on a virtual machine.

Kidaro offers several enterprise-class differentiators:

  • A powerful management console that enables workspace provisioning according to users and groups, centralized control, and monitoring of active clients.

  • Enhanced security – isolation, encryption, network restriction and policy-based dataflow control to allow, block and audit any dataflow between the workspace and the user desktop, including desktop activity (copy-paste, drag & drop), device access (USB, removable media, printers), or file transfer.

  • Seamless integration and familiar user operation: Users are unaware they are working with a virtual machine. The user simply starts applications from the native start menu, or clicks a pre-configured URL to initiate an application within the virtual machine. There is no virtual machine window, or an additional desktop the user needs to learn how to use – the applications appear as local applications on the user desktop and taskbar.

  • A variety of deployment methods (web, USB, DVD) and Trim Transfer optimized network delivery technology

Moka5 is indeed in the desktop virtualization space, and we have some technological similarities, but to the best of our knowledge, they focus on consumer scenarios, providing a virtual appliance, and running VMware Player from a USB drive.

Kidaro addresses enterprise needs and challenges and focuses its advantages on those aspects as we mentioned. Moka5 is optimized for consumer use-cases. For instance, both Kidaro and Moka5 provide “live” virtual machine distribution and update mechanisms, but emphasize different aspects and use different technologies to achieve this functionality.

VR: Desktop security is becoming a major concern and focus for IT organizations. With this solution, where is the data kept?

Kohavi: Security, and specifically corporate data protection, is one of the three key benefits of Kidaro Managed Workspace (Managed, secured, easy-to-use). In addition to the built-in isolation inherent in virtual machines, Kidaro provides policy-based data flow control as indicated previously. Central audit trails can be tracked from the management console.

The corporate data itself can be kept on servers, or saved locally within the virtual machine, according to the corporate policy. Kidaro workspace supports authenticated access to any network resource, including email, file shares and databases.

To safeguard “data at rest”, Kidaro encrypts the virtual machine disk.

Kidaro also enables administrators to start a new desktop image every time, removing residual corporate data from the user machine.

VR: How fast of a network connection do you need with this solution?

Kohavi: Kidaro Managed Workspace does not depend on network connectivity to operate. Users can work offline or over slow connections: applications will behave just as if they were installed locally. The only part of the Kidaro solution that can benefit from higher network bandwidth is the web deployment and updates – a slow connection will result in longer download time, mainly for the initial deployment.

VR: Can you explain more about the deployment method?

Kohavi: Kidaro offers a range of deployment methods that administrators can choose from:

  • Secured web download – point your browser to a URL to download Kidaro client and automatically retrieve the workspace.

  • Removable media “plug and work” – have everything required for deployment on a USB drive or a DVD, easily deployed to any remote user.

  • Enterprise software distribution – apply existing tools to deploy Kidaro’s standard MSI package within the enterprise or in offsite facilities.

Regardless of the deployment method, administrators can choose to apply the enterprise domain authentication before allowing the virtual machine to initiate. If applied, the virtual machine is inaccessible without a server token that is provided only after authentication.

In addition, our optimized Trim-Transfer network delivery technology can be applied to any user, anywhere, regardless of the deployment method used (web, USB, DVD).

I’d like to thank Mr. Ran Kohavi for taking time out to speak with me and for answering a few questions about his product. More information about the company and its product can be found on their Web site.