A company called MokaFive has created a technique called "virtual layers" to selectively manage pieces within virtual machines running on Mac, Windows, and Linux workstations, without affecting other portions. While VMware and other virtualization products let users revert a virtual machine to a previous snapshot, the MokaFive Suite lets users and administrators selectively roll back the operating system, IT-installed applications, or user-installed applications, all without touching the user data and settings in the virtual machine. Administrators can also update, add, or remove specific components in multiple users' virtual machines.

We last reported about MokaFive two years ago when it released its first beta release for Mac OS X. The full suite first shipped last year. Two weeks ago, the company release version 2.7 of MokaFive Suite. The server runs on Windows and Linux.

On users' machines, the operating system portion of the virtual machine is automatically reset to a clean state every time the user reboots-without affecting settings, licenses, or documents. A user who discovers an infected system can also click a Rejuvenate button to return to a clean operating system state. The users' applications, documents and preference settings are retained. By contrast, when a VMware of Parallels user reverts to a saved state (called a snapshot), the entire virtual machine reverts to a previous state.

MokaFive, however, is not an alternative or competitor to the virtualization platforms (or "hypervisors"). It works with VMware Fusion on the Mac and VMware Player on Windows. The MokaFive client software called MokaFive Player packages the hypervisor and the virtual machine -- called a "LivePC"-- in one bundle. MokaFive's server can distribute the LivePCs to up to several thousand users, but the LivePCs run locally on the users' machines, not from the servers. Users don't need to be connected to a network to use the virtual machine.

MokaFive plans to add support for running LivePCs with other hypervisors in addition to VMware.

"We want complete support across all platforms," said Purnima Padmanabhan, MokaFive's vice president of products and marketing. "Our goal is to stay platform agnostic vis-à-vis the hypervisor as well as the operating system."

MokaFive will be adding support for running LivePCs with VirtualBox next with a beta testing period starting next month. The company is also looking at Parallels Desktop.

"We will port to additional hypervisors such as Parallels based on user demand," said Padmanabhan.

The key aspect of MokaFive is that it separates a virtual machine into "virtual layers" that can be updated, edited, or rolled back individually without affecting other layers. The bottom virtual layer is the guest operating system running in the virtual machine. Another layer can contain the applications that the organization supplies, such as office and productivity suites. Administrators can use another layer to contain applications that users install, to the extent permitted. Cached data, such as recent web pages and other temporary info, could be in another layer. The top layer is the user data, settings, and customizations. Administrators can place different items in a virtual layer as they wish, or use different layers for differ users. But users still see the virtual machine as a monolithic entity.

Layering allows administrators to patch and maintain a single image, which the company calls the "golden image." This contains the operating system and application layers used by every user. When a user reboots, the LivePC sources these two layers from the golden image, keeping the users' virtual machines are always up to date. On top of the golden image, administrators can create different layers--for instance, layers containing applications for different classes of users. MokaFive thinks this results in reduced management costs.

"Enabling IT to manage an entire suite of desktops using a single golden image delivers huge economies of scale and can reduce the desktop management costs by a much as 45 percent," said Padmanabhan.

Administrators can create policies to control what users do in a virtual machine. An admin can also terminate a LivePC image on a lost or stolen notebook computer, or for the computers of contractors no longer working in the organization.

Users can download a LivePC from a Web interface. Since a LivePC can include the hypervisor software, there's no need for IT to manually install or configure VMware or VirtualBox.

The LivePCs are compressed using a proprietary format to make a download faster. A MokaFive representative said that the compression can take a Windows XP virtual machine down to 300 MB. This is small enough to place on a USB flash drive, which can also be encrypted. Users can move the LivePC between and Mac and a Windows PC, to run on either. Users can run the LivePC directly from the flash drive, which conserves battery power on notebook computers.

The compression technology also enables a LivePC to be placed on a BlackBerry SD card. When the BlackBerry is plugged into a computer, the LivePC can be run will residing on the BlackBerry. When the MokaFive is running from the BlackBerry, the device is still fully functional.

Are you using MokaFive? what you think of it.