RealTime IT News

Neocleus Modifies Xen For Endpoint Security

Startup vendor Neocleus has enhanced and modified the Xen Open Source hypervisor, which is for servers, for use on endpoints such as desktops and laptops to enhance security.

The modifications include a graphical user interface (GUI), several connectivity and compatibility options, making the installation process easier, and improving security and performance for end users.

The Neocleus product is a Type 1 hypervisor , which runs directly on the system hardware, offering a higher level of security and virtualization efficiency, according to Neocleus.

It comes with a framework that includes application programming interfaces (APIs) , which define how system resources can be allocated to separate virtual environments so that specific IT tasks can operate outside of Windows, Neocleus said.

"Over the past 18 months, we've modified the Xen hypervisor to the point where we can run operating systems side by side," Neocleus co-founder and CEO Ariel Gorfung told InternetNews.com. "You can run Windows and the hypervisor together at the same time on one endpoint."

Neocleus wants to let users run a stripped-down version of Windows, which is "cluttered with a lot of IT and security agents, applications and processes -- productivity applications, virtual private networks, patches, antivirus applications. If you can move those IP and security agents outside of Windows, it installs cleaner, and is easier to restore because IT can treat it as a file," Gorfung said.

Also, moving antivirus programs outside of Windows will make Windows more secure. "The antivirus program is very vulnerable because it depends on the same API Trojan horses are trying to capture, and it will do a better job outside of Windows," Gorfung explained, adding that Windows' performance will improve and it "will be less prone to crashes."

Moving applications, including the browser and Microsoft RDP agent, outside of Windows also provides a degree of separation for the endpoint from the Web. "If you go to an URL from your desktop after moving applications outside of Windows, the next time you open the browser, the URL comes from a virtual machine completely separated from the physical machine, and the VM changes every time," Gorfung explained.

This will be completely transparent to the user.

Was modification really needed?

XenSource has worked with Red Hat, Novell, IBM (NYSE: IBM), HP (NYSE: HPQ), Intel (NASDAQ: INTC), AMD (NYSE: AMD) and Microsoft (NASDAQ: MSFT) on their implementations of Xen, and signed up Dell (NASDAQ: DELL) as a reseller. Also, Oracle's VM hypervisor and Sun's virtualization strategy with its xVM platform are based on Xen.

These vendors have layered features on top of the basic hypervisor, and the Xen community has been moving toward preparing Xen to run well on client devices for some time, Ian Pratt, leader of the Xen project at Citrix, told InternetNews.com.

"We've made great strides toward making Xen the de facto industry standard for use on laptops and desktops as well as embedding on servers," he added.

So, will Neocleus's implementation make the cut?

"My first concern is, if it's an open source project and someone's modified it, does this mean it will be accepted by the Xen community?" Dan Kusnetzky, principal at The Kusnetzky Group, told InternetNews.com.

The issue is still up in the air: all submissions are subject to review, discussion and improvement, and Neocleus's submissions "will be reviewed in the normal manner," Pratt said. "It's rare for stuff to get rejected outright."

On the other hand, acceptance of the Neocleus code by the Xen community will not help, because, if that happens, "why wouldn't users go to Red Hat or SUSE instead?" Kusnetzky said.

Finally, if customers install Neocleus and remove various applications and patches from Windows, they may not get support from Microsoft, Kusnetzky warned, adding, "Who wants to run a version of Windows that Microsoft won't support?"

Neocleus's desktop hypervisor is available immediately for select clients, independent software vendors and OEMs.

The hypervisor and framework will be released to the Xen community "in a few weeks," Neocleus said.