Friday, July 30, 2010

Bare Metal Hypervisors for the Desktop, why we really need them

A recent story in Network World brought my attention to the efforts to deliver a "Bare Metal" hypervisor to the user's desktop machine. The obvious problem with getting anything to run bare metal is drivers. This is going to be a VERY hard nut to crack.

The operating systems we currently use are not secure enough, are prone to failure, and are hard to manage. Virtualization would ease all of these concerns, thus the perceived need.

The real issue is the nature of operating systems. The operating system exists to manage the resources of the underlying hardware and to make them available to the programs that wish to use them. The current crop of desktop operating systems fails miserably in this role because of its flawed security model. The rush towards virtualization is actually all about security models.

In a VM environment, the system administrators explicitly define the resources to be given to a virtual system. This is a coarse-grained capabilities system.

Eventually it will dawn on everyone that you could do this in a finer-grained way, using Cabsec, but that may take another 20 years.

In the meantime, we'll keep on filtering the net, scanning for viruses, blocking spam, and moving virtual machines around.
