I've been bullish on virtualization in mobile devices, particularly phones, ever since I heard the idea. The advantages are so strong it's hard to see any other approach winning--in the long term, anyway. In the short term, virtualization probably consumes too much CPU and memory to be practical on normal phone hardware configurations.
Here's the basic, very cool thing about a cell phone with virtual machines (VMs): You can completely separate the private and business uses of the phone. The two virtual machines have separate apps and separate data; they can even have separate phone numbers with separate billing.
It's the ultimate solution to the security problems of consumerization and BYOD. The user can be as irresponsible as they wish with their private phone VM, and IT can be as overbearing and picky as they wish with the business VM, and they don't interfere with each other.
There aren't a lot of companies working on this approach out in the open. VMware has its Horizon Mobile software, which works, like VMware, down at the machine level.
Israeli company Cellrox takes a different approach: It uses a modified Android distribution that virtualizes sessions with the OS, above the Android kernel. (All these approaches work on Android because it's the only platform that allows OS-level innovation.) Up to eight (theoretically, if not practically) sessions, called personas, can run and appear to be completely separate. In practice, you want two personas: business and private. The paper "The ThinVisor Mobile Device Virtualization Architecture" (November 2011) explains the Cellrox approach in more detail. The multi-persona interface is called Jade.
The user interface for Cellrox is simple and effective. A special color-coded status bar at the top shows which persona is active and which others are available. We met up with Cellrox and its partner Movius Interactive Corporation at the CTIA Wireless conference in New Orleans in May. See the system in action on a phone with two personas, with two separate phone numbers, in the video here.
In the Cellrox system, the business persona is controlled by the Mobile Device Management (MDM) software. The company doesn't claim its MDM is special in any way, but the interesting part is that management of the private persona is separate from that of the business persona, or the private persona might not be managed at all.
The business persona can have many security features that aren't necessary in the private persona: strong passcode enforcement, control over application installation by the user, anti-virus protection, and much more. The Cellrox status bar not only shows you which persona is active, but also provides notifications, such as e-mails and calendar alerts. Some services and notifications, such as battery life and screen brightness, are common to all personas. See some of these features in the Cellrox video here.
The advantages of this approach are profound: Applications can run natively, at or at least close to native speed. Some security approaches, such as Good Technology's, require custom development. Cellrox is compatible with development-level security measures, such as containerization, but it lessens the need for them to a degree.
In the extreme, worst-case scenario of the fired employee, IT need only wipe and remove the business persona. The user's private persona can remain untouched, avoiding the common horror story of people's baby pictures being deleted forever by an IT mistake.
Because of the level at which Cellrox operates, it needs to partner with handset makers and possibly carriers to get its product to end users. In a busy market it's not clear who will win these battles, but Cellrox's approach looks like a winner. Of course, it might be that cell phone virtualization won't become really respectable until Apple invents it, but it's coming, one way or another.
Written by Larry Seltzer.
Article from Byte.