Virtualization Techniques for Mobile Systems

In a short span of time, mobile phones have matured from limited oversized gadgets to small powerful feature packed smart phones. Early feature phone devices offered little more function than basic email, calendar and contacts. Due to advances in semiconductor technology, these devices started offering the computation power comparable to a slightly older generation computer and made them capable of running a wide variety of user installed applications. With the emergence of apps, there came the increased importance of protecting the data on the device, much of which was of a personal nature. As adoption in the general public grew, people wanted to use their smartphones in the workplace; Enterprises began to embrace the new platforms under the banner of Bring Your Own Device (BYOD) and set about discovering ways to use them in enhancing the overall productivity and communication among team members. This brought about the challenge of how to manage devices not owned by the company yet still provide methods to securely access enterprise information in a way that complied with company policy, which in turn led to enterprise level device management and policy enforcement.

In order to achieve increased adoption and sustainability “bring your own device” (BYOD) schemes within the enterprise, mobile virtualization is rapidly becoming a very attractive choice because it provides both employee and enterprise with flexibility while addressing the privacy concerns of the user and meeting the organizations security requirements. Allowing BYOD devices in the enterprise requires policies in place that govern how devices will be used and how they will be managed while maintaining end user flexibility. A number of technologies for mobile virtualization have been developed over the last few years which range from sophisticated mobile device policy management, to hypervisors and container based separation [JaKa01].

A way to help analyze which system is most appropriate for your environment is to do a comparative analysis of the various solutions available. Here we compare four solutions: Divide from Enterproid, Horizon Mobile from VMWare, BlackBerry Balance from RIM and Good Dynamics from Good Technology. In order to analyze and understand these various solutions, we have to look at them by each category and the corresponding functions.

In order to see how mobile virtualization affects the BYOD user, a pilot was done with Divide from Enterproid, one of the mobile virtualization technologies described previously that is based on a application container approach. The pilot was run for 12 weeks with over 1,100 registered users out of which 817 were activated. Users were all employees who volunteered to participate in the pilot. There were no screening criteria and no specific instructions for use of Divide during the pilot. There were no prescribed evaluation tasks; participants were free to use Divide on their personal smartphone and/or tablet device(s) for business and personal tasks, in a manner natural to them.

An agile, lightweight, but secure extensible hybrid application container and deployment mechanism for mobile devices has the potential to provide improved cross platform support, reduced development lifecycle time and a consistent application security model within large organizations. Such an architecture can provide a set of security and mobile device management interfaces to lightweight applications written in a high level markup and scripting language and also how these applications can be provisioned via push or pull mechanisms to an enterprise user's device. The use of such a container for hybrid applications widens the potential support and development resource within an enterprise possessing readily available skill sets, thus permitting mission critical applications to be developed in a much shorter time frame [JaSm01].

In the previous chapter we presented a case study on how mobile virtualization affects applications from the user perspective where the results were directly related to the user’s perception of performance, usability and security. In this chapter, through benchmark analysis, the effects of three mobile virtualization technologies are compared to the reference benchmark application written in the Mobile Virtualization Container (MVC) model which executes a several performance functions for a predefined amount of time. The mobile virtualization technologies compared to the MVC model were Divide from Enterproid, Red Bend and Blackberry Balance 10.

The explosion of mobile devices in the consumer space has been quite a disruptor for the mobile enterprise where corporate managed platforms are well defined, well contained and fairly secure. However, now with the emergence of the consumer mobile devices from Apple iOS and Google Android, the enterprise has been forced to make functional tradeoffs in order to maintain platform and data security. Due to the corporate security decisions, the end user gives up a significant amount of personal freedom and ease of use of their device. Enterprise security requirements like password complexity, device encryption, network restrictions and other techniques that restrict the access to information on the mobile device tends to drive users away and/or encourages users to find other less secure alternatives that will eventually compromise enterprise data and access. A number of mobile virtualization technologies have been presented here, each of them delivering specific features that focus on ensuring the security of the enterprise container and applications. Application level containers, type 1 and 2 hypervisors and the new hybrid application container architecture all lack the organic integration of enterprise & personal personas found in solutions like the emerging BlackBerry 10 Balance platform. Hypervisor technologies show promise; however, it is specific to the Android platform, has higher end hardware requirements and not likely to be seen on the iOS platform anytime soon.