1. Spotlight
Virtual mobile infrastructure: What it's
about, and why it's important to the
enterprise
Analyst: Chris Hazelton 7 Apr, 2015
The fact that mobile computing is now displacing a share of 'traditional computing' in the enterprise is clear. What's less clear is how mobile
computing will run in the enterprise. The inherent and ongoing complexity of mobile environments necessitates a flexible set of tools for managing
mobile users. Enterprise mobility management (EMM) is more than a collection of competing tools – it is the evolving overall toolset that IT can use
to support users and control the movement of corporate data outside the enterprise.
Over the next few years, enterprise deployments with only mobile device management (MDM) will decline as companies shift their enterprise
mobility strategies from a device and asset management focus toward an approach that is centered on data and user management. Enter virtual
mobile infrastructure (VMI). Like VDI, VMI provides a virtual environment where there is no corporate data on the end device. A weakness for VDI
has always been connectivity. With a mobile device that is already heavily dependent on connectivity, VMI may just fit right in.
The 451 Take
EMM is about enabling the end user while protecting the enterprise when it comes to the use of mobile computing devices. As mobile
computing becomes pervasive in the enterprise, so too will the requirement for EMM. Wherever there is mobile data, there will need to be
controls for the enterprise – whether at the device, application or hypervisor level. To date, there has been some security emphasis on data­
loss prevention (DLP). With VMI, the main driver is DLP. With virtualization, there are always concerns about performance. In our own
testing, we were very impressed with the responsiveness of VMI. While there are still concerns about network dependency, today most
native mobile apps require some element of network connectivity to run properly. The ability to have a silo specific to work apps managed by
IT in the most stringent way will play well with security staff, without impacting the use of the same device for personal reasons.
How VMI works
Virtual mobile infrastructure is the installation of a custom mobile OS, primarily Android, in a VM on a remote server in a public or private cloud. Each
VM can run multiple user sessions. Each session provides a mobile environment where users can access mobile apps, which are then displayed on
a mobile thin client on the user's device. These apps can be the entire spectrum of mobile apps an employee needs, from email to line­of­business­
specific apps. They do not need to be secured individually, as the entire stack is running in a datacenter with encrypted communication between the
device and the VM. Similar to VDI, this is not a new phenomenon for IT. The main difference between VDI and VMI is cost. Vendors of VMI estimate
that it is half the cost of VDI.
The thin client can run on any mobile OS, but there are restrictions on how and where this client can run. The thin client can run on iOS, but due to its
open source nature, the virtualized OS is Android. For this reason, the current use cases are primarily on Android. On an Android device, the
experience is nearly seamless as the thin client mirrors the entire OS, from the familiar Android home button to an in­depth settings menu. Without
obvious cues, the typical user may have a hard time seeing when they are in the virtualized environment. From our own testing, we can easily see
workers spending their day in VMI, depending on the level and frequency of authentication that is required by IT.

2. Why virtual mobile infrastructure?
With mobile becoming an increasingly important computing platform in the corporate world, agencies and regulated industries that deal with
sensitive, secret or high­profile information are seeking ways to implement mobility. There are very real concerns about data being pushed and
pulled to mobile devices. To provide mobile access in these environments, purpose­built hardware or repurposed consumer hardware has been
used to meet security requirements. This means significant costs for devices that run in the thousands of dollars. The idea of VMI is not to avoid
hardware costs, but to provide workers with devices that cost as much as a medium to high­end smartphone. Here the idea goes from BYOD,
shifting hardware costs to the employee, to VMI, where mobile compute and data are moved to the cloud.
VMI is emerging as a tool for enterprise mobility as companies want to give access to corporate data without any footprint on the device. There are
two key trends that will drive VMI adoption. First, with rapid advancements in mobile devices, user expectations and component capabilities create
an opportunity to virtualize workloads. Devices with multicore and multifunction processors to support gaming and HD video are ideal for supporting
a virtualized environment for the enterprise. Second, 451 Research's IT Decision­Maker survey details that among IT's biggest concerns about
mobile security, the loss of IP and securing corporate data on personally owned devices top the list by far (see table below). VMI can provide
significant DLP on corporate devices. For employee­owned devices, albeit mostly Android devices, VMI provides a secure silo for corporate data
that cannot be accessed by personal applications.
Figure 1: IT's security concerns for mobility
Source: 451 Research's IT Decision­Maker Survey, March 2015 n: 263 Base: Those who think security is an obstacle to supporting remote and
mobile workers
Emphasis on government agencies
As with many security­focused technologies, the initial audience for VMI is government and regulated industries that emphasize security over user
experience. In our discussions with VMI vendors, most have customers or are in RFP processes with government intelligence agencies. The ability
to have a zero data footprint on devices that are increasingly important is putting VMI in the sights of these users. The target users are both
deskbound VIPs and field operatives. In each case, the loss of data can literally mean life or death. While stakes this high well overshadow the need
for a quality user experience, speed and ease of use is not something that is overlooked, and VMI does not fall short here.
Vendor landscape
As this is an emerging area, there are only a few players today, but we expect this list to expand. These players include a handful of startups and two
large vendors. There are no incumbents from the EMM market, as they currently are more partners for VMI providers than competitors. We expect

3. this to change in the next 12 months as VMI gains traction in the government vertical and then bleeds into the commercial space. This will be
through acquisitions since VMI requires significant engineering knowledge and time to develop transport protocols for virtualizing data on devices
that have highly volatile connectivity.
Select VMI players
Company Founded Headquarters Employees
Hypori 2012 Austin, Texas 30
Nubo Software 2011 Airport City, Israel 14
Raytheon Trusted Computer Solutions 1994 Herndon, Virginia 63,000 (Raytheon)
Remotium 2012 San Mateo, California 20+
Trend Micro 1998 Tokyo 5,200
Sierraware 2010 Sunnyvale, California 20+
Source: 451 Research
Hypori: Network security software firm Hypori was founded in 2012 by CEO Justin Marston. The company targets the defense, intelligence and law
enforcement verticals. It came out of stealth in August 2014. Hypori's Android Cloud Environment is in use by the US Department of Defense. Hypori
has also worked with the US Army to move to commercial mobile devices, as well as the US Air Force's Research Laboratory. The VMI­focused
vendor has raised $13.8m in venture funding from multiple investors, including Green Visor Capital.
Nubo Software: Founded in 2011 by CEO Israel Lifshitz, Nubo Software launched its VMI product in August 2013. The company claims to support
30­40 users per VM with 4GB of memory, and in testing was able to handle 30,000 concurrent users on one physical server. Nubo is bootstrapped
to date, but is starting to explore raising funding in the next few months.
Raytheon Trusted Computer Solutions: After working with government organizations on VMI for several years, Raytheon Trusted Computer
Solutions commercially launched Trusted Access: Mobile in May 2014. As part of the cybersecurity arm of Raytheon, this VMI offering builds on the
company's line of products from its acquisition of Trusted Computing Solutions in late 2010. These offerings fall under Raytheon's Intelligence and
Information Systems business. Trusted Access: Mobile also provides a thin client to run on iOS devices.
Remotium: Cofounded by security researchers from Immunity Inc in 2012, Remotium focuses on VMI. Its Virtual Mobile Platform was launched at
RSA in February 2013. In July 2014, Remotium landed Hitachi Solutions as a reseller. In September 2014, Macnica Networks also came on as a
reseller. Unlike competing VMI providers, Remotium is primarily focused on the commercial market. Investors include Draper Nexus Ventures and
CyberAgent Ventures.
Trend Micro: Trend Micro's Safe Mobile Workforce was first offered in mid­2014. Unlike other VMI firms, the company provides MDM and mobile app
management alongside VMI. Safe Mobile Workforce targets Android, iOS, Windows Phone and Windows RT.
Sierraware: Sierraware was cofounded by the CTO and VP of engineering at Menlo Logic, an SSL VPN firm acquired by Cavium in 2006. In addition
to VMI, the company offers an embedded mobile hypervisor for Android on top of ARM's TrustZone targeting government and defense, as well as
commercial devices. SierraVMI targets the commercial enterprise space. The company claims to be able to support 10,000 users with a dozen
servers, with installation and setup taking hours.
Takeaways
A key tenet of enterprise mobility is to limit the amount of data on the mobile device – virtual mobile infrastructure puts zero data on the device. In
addition to zero footprint for corporate data, once a session is ended, the connection to corporate back­end servers is turned off until re­
authentication. Mobile apps do not need to have their own security, and any and all app data and traffic is secured. Any app or service update is
done on the server and is displayed immediately to the device.
However, there is some lag and a slight degrading of user experience with VMI. In most cases, though, it is so minimal that it could be unnoticed or
similar to lag experienced with native apps on a mobile device, and users will be hard­pressed to differentiate the two in deal environments.
While MDM is gaining traction and awareness, no EMM technology has really tipped the market. At a time when data going to mobile devices is
rising, the emphasis on DLP will be a key argument for VMI in the enterprise. The ability to quickly provision devices with the same 'image' will play
well with IT. And the ability to have a silo specific to work apps managed by IT in the most stringent way – without impacting the use of the same

4. Copyright © 2000­2015 The 451 Group. All Rights Reserved.
device for personal reasons – will play well with users.
The argument of native vs. virtual is a threat for VMI, as it is with VDI. The difference here is that with a smaller screen and limited processing power
compared with a PC, most users will not really notice a difference in ideal VMI environments.
This report falls under the following categories. Click on a link below to find similar documents.
Company: No primary company
Other Companies: ARM Holdings, Cavium Networks, CyberAgent, Draper Nexus, Green Visor Capital, Hitachi Solutions, Hypori, Immunity Inc, Macnica
Networks, Menlo Logic, Nexus, Nubo Software, Raytheon, Remotium, RSA Security, Sierraware, Trend Micro, Trusted Computer Solutions, US Air Force, US
Army, US Department of Defense,
Analyst(s): Chris Hazelton
Sector(s):
Mobility / Application environments / General