Samsung and VMWare Bringing Virtualization to Android 135
jbrodkin writes with an interesting article in Ars Technica about virtualization and phones. From the article: "VMware's mission to bring virtualization to the mobile market gained a major supporter last week when Samsung pledged to use VMware software to build business-friendly smartphones and tablets. The project known as Horizon Mobile will let Android phones use virtual machine technology to run a second instance of Android, in much the same way virtualization works on servers and desktops. The user essentially has two completely separate phones running on one device, and can switch from the personal one to the corporate one by clicking a 'work phone' icon."
There are others pushing alternative approaches to virtualization on mobile devices.
VMs on a mobile device? (Score:1)
Re: (Score:2)
Surely there's a more efficient way to have 2 separate phone environments running on the same handset.
Yep. Just as there's a more efficient way to have two separate operating environments running on the same personal computer or server.
Re: (Score:2)
There is, using jails or chroots or openvz containers. How much separation you want dictates what method you choose.
Re: (Score:1)
You can run Windows apps with jails and chroots? Do the WINE guys know about this?
Re: (Score:2)
Of course not. He said two separate operating system environments, not can you run windows in it.
You would not be able to run it on this either, unless you have some arm compiled windows.
Re: (Score:1)
Windows 8 is ARM compiled.
It just seems that a lot of these comments are seeing the forest for the trees.
It would be silly to not invent and develop VirtualBox when chroots and jails "run things in an isolated manner". That's only a small use case. We want to run other OSes while inside our favorite environment.
Re: (Score:2)
Link to the download for that, or it is useless. Windows has supposedly been compiled for arm before and nothing came of it.
No one is missing anything kiddo. I just stated that there are faster ways to get this sort of separation if you were willing to run on OS multiple times.
Re: (Score:2)
Its not "windows" it does not support the same APIs as windows. Its kernel is perhaps similar, but the userland is nothing like it.
Re: (Score:1)
Its not "windows" it does not support the same APIs as windows. Its kernel is perhaps similar, but the userland is nothing like it.
"nothing like it" as in "Android is nothing like Slackware"?
Re: (Score:2)
the wince underneath is similar in api in some ways.
Too bad windows phone is just an app on top of that with a vm to run user installed programs. it's like going back to dos with a launcher. and people are calling it revolutionary. well fuck yeah it's a de-evolution.
Re: (Score:2)
Except that in the context of this discussion the OS running in the virtual environment is the same kind as the host OS.
Re: (Score:2)
Efficient? Maybe.
Secure and solid solution? Probably not.
This solution gives much better guarantee of security of the work VM to not be compromised by the home VM and so forth, and is also arguably a very clean and neat solution. You only need to carry one piece of hardware, but still effectively have two phones- one for work, one for home.
Re: (Score:2)
Surely there's a more efficient way to have 2 separate phone environments running on the same handset.
It seems like a reasonable way to keep my "personal phone" and my "work phone" separate, despite being the same phone.
Hypervisor-style virtualizaiton is pretty darn efficient (most instructions just run normally on the CPU, no inefficiency at all there), until you switch between machines. If you're running one "phone" or the other at any given time, it shouldn't be an issue, really.
As I see this is solves one key problem: my employer wants to wipe my phone if I leave. I don't want any of my personal info
Re: (Score:2)
Why not simply have two separate accounts, rather than duplicating the entire OS?
Re: (Score:2)
What's the cost you worry about in "duplicating the entire OS" - the size on the SD card? That still matters a bit today, but like any other storage it's getting cheaper fast. The size in memory? I know the the VMware server products actually de-dup memory pages in common between running guests (no clue about the phone version).
Seperate virtual machines can be separately snapshotted, rolled back, wiped, etc - I can trust them to lead separate lives.
Now you have my attention (Score:2)
While I'd be more interested from an end user and developer perspective, I like the idea of having a phone that will do both Android, WP7, and possibly even something like regular android, rooted android, (with multiple versions of android) and WP7 all at once.
Re: (Score:1)
While I'd be more interested from an end user and developer perspective, I like the idea of having a phone that will do both Android, WP7, and possibly even something like regular android, rooted android, (with multiple versions of android) and WP7 all at once.
While you're at it, can you throw in a flux capacitor as well?
Re: (Score:2)
For personal use, having both WP7 and Android would give the best app coverage i'd want without giving apple another cent. As a developer, being able to test multiple OS's on 1 device would be really nice.
Re: (Score:1)
Re: (Score:2)
I think it would be a bit clunky to use a VM just to expand your app choices. Now if they could do a mobile WINE type doodad, THAT would be something I could go for app choice expansion.
The VM is a good idea to keep the work and personal environments separate, but so would a duel boot type situation. That's what people (should) do with their laptops to separate their work from personal environments.
Re: (Score:2)
Hmm (Score:2)
Or android and bada at the same time.
Re: (Score:2)
Re: (Score:1)
yo dog, i heard you liked android.....
Comment removed (Score:3)
Re: (Score:2, Insightful)
With VMware’s Horizon Mobile, malicious software downloaded on the phone’s personal environment shouldn’t affect the virtual “work phone.” And IT shops can manage the virtual phones in much the same way as they manage virtual desktops, provisioning phones with standardized templates and pushing out application updates over-the-air, reviewing the health of the phone from a dashboard, setting policies restricting what the phone may be used for, and remotely locking or wiping the work portion of the phone.
This is probably more appealing to your employer's IT department than the phone user, but it does seem to have a practical use. However, this probably isn't fully implemented yet, so whether or not it actually achieves this functional requirement is purely speculation at the moment.
Re: (Score:2)
Ever heard of Blackberry Balance? Same thing, less complicated.
Wiping phones etc (Score:4, Informative)
One of the big issues in IT departments is that many people want to use their "personal phone X" as their work phone. I can somewhat understand this, as having two phones on my own belt-holster is quite irritating.
The big issue becomes, when a company's important data may be linked to the phone, who manages/owns the phone. If you have a corporate blackberry and an employee is terminated or loses the phone, you can wipe the phone via BES etc. It that phone is not necessarily a corporate phone, then you're going to have a pretty ticked off user (and possibly a lawsuit) if you wipe his/her personal stuff along with the phone. Also, what if the user jailbreaks the phone, etc
If personal/corporate space are separate, then your work space can be safely wipe the work VM. Similarly, an individual VM may have an entirely different privacy/security setting, jailbroken personal VM (and unbroken work VM) etc etc
My main concern would be performance. VM's nowadays are pretty efficient, but phones run on batteries and any overhead isn't cutting into what's already a fairly thin line.
Re: (Score:2)
Exactly correct. Could someone please mod parent up?
Re: (Score:2)
Irritating, but practical from not just your security standpoint, but from a "who owns the data" standpoint.
Going back to the personal VM on company phone - who owns that VM? You? Or the company, who paid for the phone? If you send a text message from the personal VM to your personal SIM, using th
Re: (Score:2)
I can somewhat understand this, as having two phones on my own belt-holster is quite irritating.
Ah the belt-holster, the modern-day pocket protector.
Re: (Score:2)
So you don't know anyone that carries two phones? Must not have many friends... It's simple, with this your company can finally give you a single phone that is simultaneously usable for work emails that you can't compromise with Angry Birds 8 or some other fart app, and that you can use for Angry Birds 8 and that fart app you just had to have. Not to mention the ability to charge in/punish out of the "correct" mode, such as taking personal phone call costs out of your paycheck.
Expect to see handset sales
Separate Numbers Re:Practical use? (Score:2)
Is this meant to fake out two phones, or just a mega-profile? Phones are all about service plans. If you have a 'virtual' phone does that require it's own service plan?
Does the same phone number ring both phones? (If it does how do you know if you should pick up with the Business profile or the Private profile.)
Do you need 2 SIM cards? (Not even sure how that would work.)
Sounds like it's just a mega-profile, and in that case it sounds like overkill.
Re: (Score:2)
Do you need 2 SIM cards? (Not even sure how that would work.)
It would work something like this.
http://en.wikipedia.org/wiki/Dual_SIM [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
Many employers have specific requirements to use Andoid in the workplace. I know that I don't sync my mail/calendar/etc for this reason (they only support a handful of phones, and I'm not going to spend my own money buying a phone to meet somebody else's specs). Virtualization might meed the needs of both parties.
Of course, most of the corporate requirements are still silly. They want you to have a phone that somebody can steal, but they can't read the data off of it. Unless that phone requires a strong
Re: (Score:2)
So you haven't seen an iPhone,
Re: (Score:2)
So you haven't seen an iPhone, a BlackBerry, or a WM7 phone using the built in security?
And is the security on any of those phones implemented such that the data can't be simply read off the flash chips, which was my whole point? Every smartphone OS out there implements EAS/etc in some fashion - but every implementation I've seen is fairly straightforward to break with physical access to the device. This is just the illusion of security, which is typically all corporate IT cares about.
Re: (Score:2)
No, you cant't just read the data off the device with physical access - If you use the built in encryption.
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB16088 [blackberry.com]
Apple encryption
http://support.apple.com/kb/HT4175 [apple.com]
At least for the iPhone, and I am almost sure it works the same way for the BlackBerry, data is encrypted using a hardware key stored on th
Re: (Score:2)
In that case the data is as secure as whatever memory unit stores the key. That is probably fairly secure, but of course it can never be completely secure (unless it requires a user to enter a reasonably complex encryption key on boot and uses protection against low-entropy attacks - not just a passcode).
Re: (Score:2)
I've yet to see a phone that actually implements security that isn't fairly trivially breakable (by pulling the battery and directly reading data off the flash chips).
Id like to see you try that on a blackberry with memory encryption in place.
Re: (Score:2)
Now you're talking, but most phones aren't that secure. And of course if you start running phones in VMs all bets are off. In fact, unless IT has the phone in their hands when they provision it they don't really know that the phone isn't virtualized in the first place, or that it really has those protections.
Re: (Score:2)
Billing isn't the issue. Typically, you see the two-phone thing in sales, IT and highly regulated environments. For example, if you work for a drug company, you must not allow users to store any corporate data on a hand-held device unless the company has complete control over it. This isn't the company's call, it's the FDA's. Why? Because that data is subject to retention policies that are related to drug testing rules, and you have to be able to guarantee that you can produce the information again on deman
Re: (Score:2)
that would be if virtualization was actually as good of a protection as physical phones, which it isnt
Re: (Score:2)
that would be if virtualization was actually as good of a protection as physical phones, which it isnt
Can you cite a source? I'm pretty sure I've never seen that comparison performed in the wild.
Re: (Score:2)
there is no need for any kind of source, physical separation will always be stronger than software separation.
now then again I suspect you're looking for stuff such as blue pill, and zillion other talks about how one broke into virtualization system X Z or Y and that's not "wild" at all, simply put visualization is complex and there's many potential bugs and design error everywhere (like in many other areas).
also, visualization is generally not though with security in mind as number one priority, which does
Re: (Score:2)
If there were a phone build specifically for it, I imagine you could easily use the Work SIM for one profile, and your Personal Plan SIM for the other -- so the work plan never gets billed for your calls to who-knows-where, and therefore shouldn't care what you do with it.
Re: (Score:2)
Re: (Score:2)
It would sure seem to make for some nicely hard to detect root kits. Your trojan can spin up a VM where it will be harder to detect as a rogue process inside the main OS. Have fun with that!
It would be pretty hard to do this. You would have to find a way to control the virtualization layer from within a guest OS. That's been the holy grail of defeating desktop virtualization security for a long time, and while there are occasional bugs discovered, I'm not aware of anything that's been exploitable enough and pervasive enough (e.g. unpatched versions) that there's been an active exploit in the wild.
I admit, I haven't followed the topic for a while, so fill me in if there are examples of such.
Battery life sucks (Score:1)
Re: (Score:2)
It will be several years before anything Google does could have any bearing on Moto devices- the 2 aren't planned to join for about 6 months, and even then it would have no bearing on anything currently in the pipeline. I can safely say that Google's influence will not be felt in the market for at least 2 years. For comparison, 2 years ago, Eclair had not yet launced. There are a lot of changes that can happen in that time.
As for battery life, I find them to be on par with other smart phones (which is mu
Re: (Score:2)
My 1.5 year old N79 lasts more than 3 days
A friends new Xperia mini pro lasts about 18 hours with the same usage pattern
similar patterns b/w Nokia s60 and android phones most of the time
Re: (Score:2)
And if the market forced battery life to be a priority, then we'd get the same battery life we had on slower devices, but the big drains are high-contrast, high-resolution screens and fast processors; both of which continue to be the driving market forces.
Re: (Score:2)
when a lot of the extra power is going to just display animations in menus, for me atleast thats a waste of battery power.
s60 had minimal animation in menus,etc. Android has quite a bit more
That could be a contibuting factor to battery life as well
Re: (Score:2)
same usage pattern as in
about 2 hours of calls, 30 - 40 mins of gaming, an hour of web browsing, few photos, 50 or so SMS,etc..
Re: (Score:2)
Your E71 probably also has a HUGE battery compared to the 5800
I dont remember the exact capacitiy, but the E71 battery has almost double the volume of the 5800 batery IIRC
Re: (Score:2)
Battery life sucks on all smart phones. The battery life of the iPhone 4 and Windows 7 phones is no better than the equally priced high end Android phones.
Sure some of the truly budged Android phones have noticably less battery life, but like for like, smartphone battery life is pretty shit in general.
Re: (Score:2)
My high-priced andoid phone lasts for many days if I use it only as a phone and music player (which I do when I travel). It's the radios that drain the battery - an hour of wifi seems to drain the battery as much as a day without.
Re: (Score:2)
Yeah, but the point is, it's still not a touch on the likes of my old Nokia 7650 which still had bluetooth, a colour screen, a camera, could run games like Doom and so forth which used to last about 8 days without charge, and still had bluetooth etc.
That's really the problem, even if you get a smartphone to last 3 days it's still relatively shit compared to what we've had over the last decade.
It is of course partly the price of progress, but there you have it. I can see why smartphone battery life pisses pe
that's nice (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
I know I'm by no means the smartest kid in class, but this should have been obvious once phones started equaling computers in capabilities.
Re: (Score:2)
Entire VMs could be encrypted and provisioned by your IT staff, to meet the needs of policy. Those irritating 5-minute auto-screen-locks? Now it's only a problem on your "work" phone. At the end of the day, flip back to your personal device, and you're good to go - all the while your email continues to download in the background.
Company decides to remote-wipe? There goes the VM. But only the VM. You're still as mobile as you ever were.
Yup, and one snapshot restore later that wiped phone is back and running with nobody the wiser (once you block net access at the VM level). Oh, and the encryption key is stored on the drive or in the virtualized TPM (that you can trivially query from outside the VM) if it doesn't require a password to boot. Then again, it is virtualization, so it must be good for corporate IT, right? :)
Today's phones don't have the hardware to pull this off effectively. But, tomorrow's phones will arrive.
Well, today's phone have more power than the fanciest workstations that existed 15 years ago, and yet they struggle to ru
Re: (Score:2)
Today's phones don't have the hardware to pull this off effectively. But, tomorrow's phones will arrive.
define "tomorrow".
what evidence is there that mobile devices will ever, in the foreseeable future anyway, have the excess battery power to run a VM? the problem is that as batteries get better, they invent new hardware to consume the battery. batteries for the most part are always just barely good enough to run the hardware, and hardware and the software it runs are limited by the battery.
speed (Score:1)
VM's are not speed daemons, neither are phones is this really worth the effort because no one at samsung has figured out that you can have different sessions without having to boot 2 os's
Re: (Score:2)
That is true if you're counting I/O, where the extra abstraction layer adds overhead (but which is diminishing with every hardware generation).
In terms of actual CPU computation ability, there's no difference between running on bare-metal and in a VM.
Yes this is worth the effort, because Android wasn't built to be multi-user (which is where I assume you're trying to take this argument). Putting in a hardware level hypervisor would be easier, in some res
Re: (Score:1)
I must be running the wrong VM, whenever I run an OS in vm ware its noticeably slower than real metal, Its perfectly useable but its no faster than the PC I had 2 PC's ago
Re: (Score:2)
You're both right.
There is obviously some performance loss with a VM, as anything that it tries to do that is privileged will result in a fault that the hypervisor has to deal with.
But, if the hypervisor has extra knowledge of the underlying OS (which is the only code that should be doing privileged things...user space doesn't do that), some of the performance loss can be mitigated. You can also have hardware that works better with virtualization, like the latest Intel chips allowing individual PCIe paths
Re: (Score:2)
Are you doing a lot of I/O? 3D graphics? Old CPUs?
Normal user-mode code does run just as fast on a VM as native, there's nothing special happening in a virtualized environment until the kernel starts messing with hardware (I/O, page tables, etc, the stuff that needs to be virtual). OTOH, switching between running VMs is expensive - there's definitely overhead if you're actively using 2 or more at the same time (but that seems unlikely on a phone).
Chroot/Jail (Score:2)
Re: (Score:1)
I don't think you can use Android to run WP7 using chroots and jails.
Re: (Score:2)
No one wants WP7.
What we do want is to run mulitple full android OS at the same time.
Re: (Score:2)
Re: (Score:1)
Then virtualize iOS then, I can't predict what OS you will need.
The fact is that there are useful applications and environments out there that someone will need to use since Android doesn't have an equivalent. It's the same reason we have virtual machines today.
Re: (Score:2)
We're are not talking about virtualizing different operating systems on android here, just Android under Android. Sheesh, read the description of the article at least if you don't read the article.
Re: (Score:2)
Well yes, that's what Samsung will be offering now. But if you can put 2 and 2 together, it's pretty clear that the next step would be having 2 (or more) different operating systems. Even if we stick to corporate environment justification, it's entirely possible that the IT department will only support WF7, but not Android, which the employee wants to use personally, or vice versa.
Re: (Score:2)
I don't think anyone in their right mind will want to run WP7 anyway. Certainly not if they have something slightly less shit like a late-model Android.
Re: (Score:2)
Because Jails are not a feature of Linux unless I am mistaken (and I might be), and because chroots arent meant to be for security; they can be bypassed.
Re: (Score:2)
Java VM (Score:2)
I thought Android was already all about a Java VM. So... just start another Java instance?
But it seems silly to do all that just to swap out your profile data.
Re: (Score:2)
Same thing. It's a hardware independent VM, no?
One useful application (Score:2)
Linux has Xen, KVM, and LXC, so why VMware? (Score:1)
Android is based on Linux and Linux already has Xen, KVM, and LXC for virtualization. What would VMware add to the mix other than cost?
Xen and KVM can be a bit heavy handed, but LXC is lightweight and may be best suited for mobile virtualization (assuming that you only want to run instances of the host OS--a limitation of containers).
KVM is based on qemu and I already know that works with ARM--the processor of choice for smart mobile devices.
So, I do not see a need for VMware.
As for VM need: Given all the
Re: (Score:2)
Inefficiencies (Score:2)
Many people have addressed how this must be very inefficient. Well, I think if properly designed this shouldn't be much of an overhead. It depends if you really want to have both OSs running at the same time (lots of overhead) but you probably don't want to do that, or can work around it (most process certainly won't need to be running at the same time).
Also, hardware virtualization and hypervisors that allow paravirtualization might make it pretty efficient. Xen comes to my mind.
Give Me IOS Running In A VM (Score:1)
Personally, I'd love to be able to have IOS running as a separate VM. Then I could run the 3-4 IOS apps I like that just don't have a good Android equivalent.
Or worse case, run Android as a VM in IOS.
-J
That screaming you hear (Score:2)
Re: (Score:2)
One nice thing that you can commonly do with virtual machines is to suspend them.
Funny Name (Score:1)
IDEA! (Score:1)
I heard you like... (Score:1)
Re: (Score:1)
Here's the thing (Score:2)
Plain stupidity pays these days (Score:2)
I find it really funny how companies succeed in making people think they may need this kind of crap.
Re: (Score:2)
Re: (Score:2)
no, it's not useful for development either, you cannot develop a kernel for it as it's not the real hardware, and android SDK has an emulator already, which is faster than running it on a phone with whatever virtualization.
The only possible use I see is sandboxing, but again, it's overkill...
Multi-Crash© Ready (Score:1)
This is fantastic. I can have one instance in the middle of booting, another instance in the middle of crashing, and a third that's frozen waiting for the other two to give it some CPU time...
(I love my Samsung Galaxy, but the constant freezing/lockups are getting old...)
Re: (Score:2)
Sure, but you'll probably need to plug it into the wall, and attach a keyboard, and a larger monitor...
Re: (Score:1)