Integration is the biggest thing. While some desktop VM hosts provide various integration bits like file sharing and rootless window support, the experience is rarely seamless.
Drawing a few examples from an old Raymond Chen blog post[1], integrations required for seamless operation include:
• Host files must be accessible in guest applications using host paths and vice versa. Obviously this can't apply to all files, but users will at least expect their document files to be accessible, including documents located on (possibly drive-letter-mapped) network shares.
• Cut-and-paste and drag-and-drop need to work between host and guest applications.
• Taskbar notification icons created by guest applications must appear on the host's taskbar.
• Keyboard layout changes must be synchronized between host and guest.
These are, at least to a useful degree, possible. Integrations that are effectively impossible in the general case:
• Using local IPC mechanisms between host and guest applications. Chen's examples are OLE, DDE, and SendMessage, but this extends to other mechanisms like named pipes, TCP/IP via the loopback adapter, and shared memory.
• Using plug-ins running in the guest OS in host applications and vice versa. At best, these could be implemented through some sort of shim mechanism on a case-by-case basis, assuming the plug-in mechanism isn't too heavily sandboxed, and that the shim mechanism doesn't introduce unacceptable overhead (e.g., latency in real-time A/V applications).
Finally, implementing these integrations without complicated (to implement and configure) safeguards would effectively eliminate most of the security benefits of virtualization.
[1] https://web.archive.org/web/20051223213509/http://blogs.msdn...