28. Secure Keyboard

Goals
- Prevent one VM from logging input intended for another VM
- Prevent injection of key events
- Consider full-screen and seamless desktop integration modes

Keyboard and Pointer devices always controlled by platform
- Platform knows which VM is on screen, routes keyboard and mouse events exclusively to that VM
- Key sequences processed by platform for secure attention, VM switching

Support for secure keyboard path even in seamless desktop mode
- When application window gets focus, keyboard is routed to the respective VM
29. USB Device Virtualization

Goals
- Provide broad USB device compatibility; good performance
- Control routeing of devices to VMs through policy enforcement

Implementation
- Platform owns USB host controller devices
- VMs have Xen para-virtual USB host controller
- When device plugged in, identify it, apply policy, make visible on guest HC
- Forward USB messages between real and virtual host controllers

Similar approach for SATA optical drives
- Enables Blu Ray playback, DVD writing etc
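The "identify it, apply policy, make visible on guest HC" step from the slide above, sketched as an added example (not XenClient code). The rule format, VM names and device IDs are hypothetical, and withholding HID devices from guests is an assumption drawn from the Secure Keyboard slide.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

HID, SMART_CARD, MASS_STORAGE, VIDEO = 0x03, 0x0B, 0x08, 0x0E  # USB-IF class codes


@dataclass(frozen=True)
class UsbDevice:
    vendor_id: int
    product_id: int
    interface_classes: Tuple[int, ...]  # bInterfaceClass of every interface


@dataclass(frozen=True)
class Rule:
    vm: str                            # hypothetical guest name
    vendor_id: Optional[int] = None    # None matches any value
    product_id: Optional[int] = None
    usb_class: Optional[int] = None    # must match every interface

    def matches(self, dev: UsbDevice) -> bool:
        if self.vendor_id is not None and dev.vendor_id != self.vendor_id:
            return False
        if self.product_id is not None and dev.product_id != self.product_id:
            return False
        if self.usb_class is not None:
            return all(c == self.usb_class for c in dev.interface_classes)
        return True


def route(dev: UsbDevice, rules: Sequence[Rule]) -> Optional[str]:
    """Return the guest that may see the device, or None to keep it on the platform."""
    # Assumption: input devices never reach a guest host controller. A composite
    # device is withheld whole if any interface is HID, so a storage stick that
    # also enumerates a keyboard cannot type into a VM.
    if not dev.interface_classes or HID in dev.interface_classes:
        return None
    for rule in rules:                 # first match wins
        if rule.matches(dev):
            return rule.vm
    return None                        # default deny


# Constructed sample policy; IDs and VM names are made up.
RULES = [
    Rule(vm="work", vendor_id=0x1234, product_id=0x0001),
    Rule(vm="personal", usb_class=MASS_STORAGE),
]
```

Checking every interface class rather than only the device-level class matters because many devices declare their function per interface.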
XenClient can also run in a mode where the majority of the devices on the system are isolated and virtualized by Xen, while certain devices, such as the graphics hardware, are passed through directly to a virtual machine. In this case the regular Windows drivers run and provide the fastest graphics performance possible. This passthrough technology makes use of the hardware virtualization assist provided by Intel vPro technologies. XenClient provides maximum flexibility and performance by allowing a mix of total isolation and sophisticated device passthrough.