Server virtualization has moved well beyond the arena of early adopters and is an accepted solution to many of the challenges faced by IT organizations. However, desktop virtualization has not made the same inroads. Certainly, there have been some key uses for desktop virtualization, such as development and test, but there has not been broad penetration into the non-technical desktop market. There are signs that this trend is about to change.

The major virtualization vendors, including Citrix, VMware, and Microsoft, have recently released new or updated desktop virtualization products that aim to make virtualization as common on the desktop as in the data center. The value proposition is largely the same as on the server: rapid deployment, better hardware utilization, easier management, and increased separation of workloads.

At the same time, security and compliance concerns are pushing IT organizations to bring the same level of application and data separation common in the data center to the desktop. Just as it's now unimaginable to host Internet-facing applications on the same server as key internal applications, security and privacy concerns may make using a single desktop operating system for each user similarly unthinkable.

Given these trends, it would seem natural for organizations with high-risk environments, which have long recognized the need for strong separation on the desktop, to flock to desktop virtualization. These environments, traditionally found in government, utility, health care, and financial organizations, are driven by security concerns to utilize two or more physically separate desktop systems per user to protect internal systems and prevent confidential data from leaking. Consolidating these desktop systems using virtualization can dramatically reduce space, power, hardware, and management costs. However, despite these apparent advantages, security often remains a barrier to entry to adopting desktop virtualization solutions in these environments. These security concerns go beyond the separation and security features provided by typical desktop virtualization products.

To illustrate the security concerns of these high-risk environments, consider the recent high-profile emergency shutdown of the Hatch nuclear power plant near Baxley, Georgia, that was caused when a single computer system was updated. The computer system, which was connected to both the corporate network and the network dedicated to controlling the nuclear power plant, was updated by an administrator unaware of the two network connections. When the administrator rebooted the system, it caused the plant's safety systems to erroneously conclude that there was a drop in the water reservoirs used to cool the reactor, causing an emergency shutdown of the reactor. Thankfully, the shutdown proceeded smoothly and no one was in danger; however, it probably cost millions of dollars and required a full investigation by the Nuclear Regulatory Commission.

It was not simply a procedural problem that led an administrator to make updates to a system without fully understanding its function. The system was incorrectly connected to both networks, a mistake the plants technicians were aware of but hadn't corrected. While it's not clear from public information why this inappropriate connection was made, it underscores the importance of strict separation and isolation in these environments. Even a single lapse in network separation caused significant safety concerns in this environment. It also demonstrates why these organizations can't lightly adopt desktop virtualization in high-risk environments. As desktop virtualization solutions would be relied on to maintain this crucial network separation, it's critical that the solutions be carefully architected and engineered to provide the required level of security.