Session Virtualization Revisited
I recently posted my suggestion regarding session virtualization at the brianmadden.com forum. Interestingly two replies I got were essentially the same: this would enable using VMotion-like technology to transfer sessions between servers, thus freeing up a server for maintenance or upgrades. I agree that the ability to move sessions in this way would be way-cool, but I must admit that this functionality was not what prompted me to propose session virtualization. The main reason I proposed session virtualization is to achieve better session encapsulation and greater isolation between users sharing the same OS instance.
In most common OSs users are isolated from each other using Access Rights. This means that some users have complete access to a particular resource, while others have only partial access to the same resource, or even no access at all. So, for example, on user may be able to both read and write to a particular file, another user would only be able to read the file but not write to it, and a third would not be able to do either. Session virtualization takes a different approach: all the users appear to have complete access to the same resource but, in fact, each user sees a different version of the same resource. Using the file example, for each user a different physical file is mapped to the same logical location.
The benefit of the session virtualization approach is that users would be able to perform operations that otherwise they could not because of various access restrictions, without compromising the system’s integrity as a whole. Moreover, it would be possible to apply different policies to different resources: some would retain modifications applied to them between user sessions while others would revert to their original state when the user logs out.