Sitting in the architectural middle ground between application virtualization and hypervisor-based virtualization (virtual machines) is workspace virtualization. Workspace virtualization is a virtualization approach that encapsulates and isolates an entire computing workspace. At a minimum, the workspace would comprise everything above the operating system kernel: applications, data, settings, and any non-privileged operating system subsystems required to provide a functional Windows desktop computing environment. Such an ideal scenario is almost never achieved, due to architectural concerns imposed by modern operating systems and application development practices:
Figure: Minimalist Workspace Virtualization Architecture
Applications frequently contain privileged code (drivers or services), which interacts with the operating system at a privileged level. These privileged code modules need to be properly isolated and virtualized, in privileged/kernel mode.
Operating system subsystems frequently are separated into privileged and non-privileged modules. Both modules need to be virtualized in order to properly support applications using the subsystem.
Due to these concerns, a proper WVE needs to provide the capability to virtualize privileged code. A full WVE, shown in the figure below, can virtualize privileged code modules and full operating system subsystems through a kernel-mode WVE. Full WVEs provide a foundation for executing a full workspace that can join an enterprise domain, has an isolated network stack, and supports applications that require drivers and security services, such as endpoint security, databases, strong authentication, and PC management software.
Figure: Preferred Workspace Virtualization Architecture
An ideal WVE enables:
A duplicate set of privileged virtual subsystems (I/O, networking, security, etc.)
A duplicate set of non-privileged virtual subsystems (software installation, remote management, etc.)
Support for isolated workspace applications (end-user application software)
Sharing of redundant subsystems with the host PC where architecturally relevant (for high performance I/O to shared hardware devices, for example)
By enabling the above capabilities, the WVE-based workspace virtualization solution can offer a high level of application compatibility while also giving virtual applications a high level of performance, because selected subsystems can be shared with the host PC.