At Citrix Synergy 2011 in San Francisco last week, Citrix released tech previews of two new versions of its bare metal client hypervisor: XenClient 2 and XenClient XT. And since the minute these two products were announced, people have been trying to get their heads around the differences between them. Are they two different products? Which one is better? Why do I need one or the other?
If you’re looking for a short answer, the difference between XenClient 2 and XenClient XT is that XenClient 2 is the “regular” version of XenClient; an upgrade from XenClient 1 which Citrix released last year. XenClient XT, on the other hand, is a special version of XenClient that’s been specifically designed for high-security environments (like defense and government agencies) that allows them to run highly secure VMs with specialty security requirements.
Let’s take a closer look at each one.
Citrix XenClient 2: an upgrade to XenClient 1
We’ve written quite a bit about Citrix’s first version of XenClient. But in case you missed it, here’s the gist: Citrix XenClient v1 was a nice first effort, but several severe limitations prevented broad scale adoption. Citrix’s lead product manager for XenClient, Peter Blum, said the main goal with XenClient 2 is to overcome the limitations of the first version and offer something that can “be used in production and at scale.”
Perhaps the biggest change with v2 is that Citrix vastly increased the hardware compatibility list (HCL), so XenClient 2 runs on a lot more laptop models than v1 did. The main thing Citrix did to achieve this was to drop the Intel vPro requirement, although XenClient 2 still requires Intel chips (it doesn’t support AMD processors). XenClient 2 also supports Radeon and FirePro graphics controllers from AMD (formerly ATI).
These enhancements mean that XenClient will run on what Citrix calls “volume enterprise” laptops, which is the name for the “regular” non-vPro standard issue laptops that enterprises tend to buy in volume.
Citrix also updated the Synchronizer, its datacenter-based component that’s responsible for delivering new and updated VM images to XenClient devices and for backing up existing images. For example, now they’re able to compress and backup only the user-specific areas of the disk that change, rather than backing up everything.
These changes, combined with Citrix’s push to move several key features from “experimental” to “officially supported” status -- such as the VM-to-VM Secure Seamless applications and Dynamic Image Mode -- means customers ought to be able to start using XenClient 2 in a meaningful way.
Speaking of customers, one of the perfect potential use cases for client hypervisors is government and defense contractors who hope to replace multiple physical PCs with a single machine running multiple VMs.
In the world of high security, organizations literally have multiple physical networks, each with their own security classification levels and security standards. Throughout the course of a day, individual employees often need to access applications on multiple networks, so they very literally have two or three PCs on their desks (one for “secret,” one for “top secret,” one for “unclassified,” etc.) connected to a single monitor with a KVM switch.
A client hypervisor running on a single PC could literally save these organizations millions of dollars per year in hardware and support costs, not to mention boosting productivity by providing an easy way to get data from the less secure to the more secure networks (while preventing the data flow in the opposite direction).
To that end, the US National Security Agency (NSA) actually made some changes to the open source Xen client-based hypervisor in order to get it into compliance with their special security needs. Citrix took this and, working with the government and other security experts, built a special version of XenClient around that ultra-secure core. And that’s what XenClient XT is. (I have no idea why Citrix picked the letters “XT”—which stands for “extreme”—as their moniker for the high-security version of XenClient. Why not “HS?” Maybe they didn’t want to imply that regular XenClient wasn’t secure?)
XenClient XT is actually based on XenClient 1.1, so in a sense it’s a fork of XenClient that’s been specifically hardened. (Those who are familiar with the high security world are used to using “old” versions of products since securing and certifying products takes time, so they’re always a few versions behind.)
Because XenClient XT is designed for high security environments, it’s really designed to run on desktops (since “portable computer” and “top secret” don’t really mix), so that’s another key difference between XenClient 2 and XenClient XT. This means that the HCL of each is a bit different. For example, XenClient XT supports Nvidia graphics processors. XenClient XT also supports some advanced policies and VMs from the Secure Environment Linux (SELinux) project, another government-funded secure component.
So all things considered, 99% of the world will want to use the regular XenClient 2, even when you want to be “secure.” The only people who will need XenClient XT are those who have to meet very specific government security requirements. And if you don’t have to do this -- trust me -- you don’t want to!
ABOUT THE AUTHOR:
Brian Madden is an independent industry analyst and blogger, known throughout the world as an opinionated, supertechnical desktop virtualization expert. He has written several books and more than 1,000 articles about desktop and application virtualization. Madden's blog, BrianMadden.com, receives millions of visitors per year and is a leading source for conversation, debate and discourse about the application and desktop virtualization industry. He is also the creator of BriForum, the premier independent application delivery technical conference.