Is Application Virtualization Really the Best Answer for Application Packaging, Management, and Delivery?

Application virtualization is a great example of how desktop management can be radically improved with virtualization technology. It works by isolating a single instance of an installed application into a package and automatically distributing that package to endpoints, often based on provisioning policy. The application is then run inside a protected “bubble” to isolate it from other applications. Imagine never having to worry about application conflicts, or patching thousands of end points! It's easy to see why so many enterprises are looking at application virtualization as their new method of application packaging and delivery.

But while the promise is great, it doesn’t take long before you realize the current solutions make creating a fully virtualized application environment difficult, if not impossible, to achieve. There are 2 main challenges:

• Applications can be too isolated. Isolation is great when an application runs all by itself. But when it needs to integrate with other applications, isolation becomes a problem (see Nicole's humorous holiday take on this subject). Suddenly, that hyperlink in your PowerPoint deck doesn’t start Internet Explorer, or the embedded spreadsheet object doesn’t launch Excel.
• Not all applications can be virtualized. Some types of applications just don’t accept being virtualized very well. For example, applications that require access to all files (such as antivirus scanners and indexers) often break because the "bubbles" don't let them have this access. And programs that have kernel modules (such as quota managers, VPNs and antivirus) often break because isolation is unable to protect kernel level operations.

Both of these problems stem from the same root cause – isolation (bubbles). So while isolation is highly desirable for supporting old or badly behaving applications, it also adds its own challenges. What are enterprises doing to get around this?

In order to get most of your applications successfully virtualized, you need to start with a detailed analysis of your desktop use cases, understand all of the application interactions and integration points that your users depend on, and then build your isolation strategy around these requirements. This is a complex, time-consuming, and error-prone process that has spawned an entire consulting industry. And even the best planned projects still can’t predict what users may try to do in the future ... resulting in frustration and service desk calls.

Why introduce all this complexity? For many enterprises, only a small subset of their applications require the benefits of isolation, like needing to run multiple versions of a JVM, or needing to use an old version of Word to run reports. I visited a bank recently where the CIO said “We are running a few applications that are older than your developers!” Applications like that are clearly candidates for isolation. But that's the point - it's usually only a few.

What about the rest of your applications? Do you really need all the complexity of isolation when what you really want are the other benefits of application virtualization - single point of patch, automated provisioning, and endpoint delivery?

The best answer may be to offer application packaging and delivery separately from isolation. This gives you all the benefits of managing a single instance of the application, patching it once, and automatically distributing it across the enterprise – without the headaches of isolation. Users will be happier because their applications will be fully interactive, without any limits on integration. And since there is no isolation, all application types can be packaged and delivered (such as antivirus applications). You can then continue using your favorite application virtualization solution to selectively "turn on" isolation just for those applications that truly need it.

Lower cost of deployment, lower cost of support, greater application coverage, and happier end users. That's what application packaging and delivery, sans isolation, can do for you. And, no surprise – another great set of capabilities you can expect from Unidesk soon.

-Chris Midgley
Unidesk Founder and CTO