BareMetal: Back to the Future

by Purnima Padmanabhan on May 25, 2011

Yesterday, I was having a chat with MokaFive’s CTO, John Whaley, and Burt Toma, our Director of Products, about the just-announced MokaFive BareMetal.  Where, we wondered, does BareMetal fit into the architectural ecosystem?

As we deconstructed the issue, we found ourselves replaying one of computer science’s most notorious debates: monolithic versus microkernel architectures.

Linus vs Tanenbaum

The infamous debate began almost 20 years ago, with Linus Torvalds, the originator of Linux, arguing the benefits of a monolithic approach, and Andrew Tanenbaum, a computer science professor and founder of MINIX, arguing for a microkernel approach.

In the end, although each side acknowledged the merits of the other, nearly all of today’s popular OSs (Linux, OS X, Windows) use the monolithic approach.  Its inherent simplicity, performance and portability are better suited to the real world.

MokaFive BareMetal also employs the tried and tested monolithic model.  In contrast, Xen uses the microkernel approach, which is sometimes touted as a more elegant one.  Just like the debate from 20 years ago, you may hear arguments on both sides of the table.

But at the end of the day, we all agreed—and we think you would too—that the answers must be informed by the business problems that we are trying to address.

First principles

MokaFive’s goal has always been to simplify desktop management—making IT’s job easier, saving money, and keeping users happy—all without sacrificing security.

But we understood that these problems must be addressed in a holistic fashion, or we’d risk developing a substandard solution.

For example, if management weren’t an issue, you’d need nothing more than a standard OS that could be dropped onto any hardware and then be completely locked down.  If performance were the only issue, you could easily use a host’s native OS, fine-tuning it for performance, and go home for the day. And if security weren’t an issue, you could let users bring any old PC to work without worrying about compromising the security of the entire enterprise.

The bottom line is that you need *all* of it.  Hardware independence, performance, security and centralized management are all critical to your enterprise.

Best of all worlds

Which brings us back to BareMetal.

BareMetal installs directly onto the hardware, so it doesn’t require an existing OS.  It uses a thin service OS, based on a hardened, fast-booting Linux kernel, with an embedded hypervisor.  The Linux base and the hypervisor are in the same address space (monolithic) which allows BareMetal Player to leverage the large universe of Linux drivers and drive nearly any enterprise desktop or laptop hardware.

BareMetal also has a strong management engine that can update the VMs (LivePCs) as well as the underlying BareMetal stack.  Even better, since the image is virtualized, IT can deploy a single golden image to any hardware—giving organizations hardware independence.

The lightweight, hardened BareMetal is only 350 MB, so it presents a very small attack surface and minimizes drain on the CPU.  This offers tight security and near native performance.

The full picture

Unlike anyone else in the industry, MokaFive with BareMetal provides the same management console and the same levels of quality and security to Type 1, Type 2, Mac, PC, Windows, Linux . . . whatever you’re running. Furthermore, we’ve added a set of unique features and capabilities that Citrix XenClient does not have, many of which are not included in Virtual Computer’s NxTop, including:

  • Zero-touch update process
  • Dynamic driver installation at boot
  • Image compression and encryption
  • Remote support through any network connection
  • Fast start up / early authentication
  • Optimized TRIM support for SSD drives
  • Image updates without disrupting user customizations
  • Off-network AD domain join
  • Single sign-on to images
  • Auto-lock of images when host sleeps

At the end of the day, we dropped the debate.  Because purist arguments about monolithic vs microkernel architectures, or Type 1 vs Type 2 for that matter, really don’t matter.  You just need to solve your business problems.

BareMetal tackles all the key business problems we heard from our customers. Take that, Torvalds and Tanenbaum—MokaFive has your answer.

Interested in learning more?  Check out BareMetal. You can sign up for a free trial here.

Cheers,

Purnima Padmanabhan, VP Product and Marketing, MokaFive


Rolf Sommerhalder February 21, 2012 at 3:38 pm

In terms of security and Lines Of Code (LOC), the 350 MBytes of the BareMetal monolith does not really look like having a small attack surface when compared to modern micro-kernels.

Is there any chance that MokaFive will significantly reduce that attack surface, for example by jacking up and para-virtualizing the BareMetal monolith, and underpinning it by a micro-kernel which has a truly minimal Trusted Computing Base, such as for example OKL4?

That would be a killer for the domain I am currently working in! So please let me know if interested in following up.

Thanks,
Rolf
