Over the past decade, the mobile device has evolved from a voice-centric device into a mobile personal computer. No longer just a device for voice communications, the mobile device has become a multitasking tool, useful for activities such as entailing and web browsing. The current trends for mobile devices are toward the mimicking of desktop functionality. As a result, mobile devices are becoming enterprise endpoints with rich applications and core enterprise connectivity. Because an enterprise may need to specifically provision a mobile device for accessing restricted data, an employee may either have to sacrifice a personal device for dedicated enterprise use or carry two devices, one personal and one for enterprise use, to work.
From an end-user perspective, it is desirable to consolidate the personal mobile device with the enterprise device. Virtualization otters an opportunity to provide a convenient solution by preserving isolation of environments without requiring a second physical enterprise device. Supporting a personal environment and a work environment through virtualization on a personal mobile device represents an attractive alternative to existing solutions involving multiple physical mobile devices. The rapid pace of hardware advances in mobile devices over the past several years has led to a class of mobile devices with resources capable of supporting multiple environments (e.g., one or more virtual phones) through virtualization.
However, given the current particular complexities of the mobile environment from technical, infrastructure, and business perspectives, providing sufficient virtualization capabilities on mobile devices remains challenging. For example, mobile service carriers typically do not give enterprises or end users full access to its hardware resources, for security or commercial reasons. In addition, not all mobile-device operating systems are virtualization-friendly. They may not provide sufficient privileged access to the system resources and impose stringent restrictions on the applications. For example, certain operating systems may not allow (or provide limited ability for) more than one process to execute at a time, and may not provide any inter-process call mechanism.
Furthermore, applications executing in operating systems with such restrictions may not be able to load customized system functions or otherwise take control of the operating system's system calls. Without control over the system calls, it can be difficult to implement and enforce enterprise policy on mobile devices used by an enterprise's employees. Hence, it remains a challenge to unify a user's work-related enterprise functionalities and his personal-use functionalities on the same mobile device.