M5 BareMetal

M5 BareMetal is tailor-made for organizations seeking to simplify the management of endpoint systems and security…and improve IT ROI and TCO along the way. M5 BareMetal is a policy-enforced, simply managed client-based containerization solution that uses Type 1-like client-side virtualization technology to deliver a fully configured, highly secured corporate Windows workspace. This corporate workspace sits on top of M5 Player, a stripped down Linux/Ubantu infrastructure, that installs directly onto the host hardware. Here are ways which BareMetal can help enterprise IT achieve key objectives:

Simplified management
  • Deployment of a single golden image to popular models and makes of computing devices
  • Enabling frequent update/management of applications and security patches
  • Auto image roll back if image updates fail
  • Rejuvenation of system layer by user
  • Simplified Windows driver management
  • Mitigates OS migration risks
Secure enterprise workspace
  • Centrally managed container – local execution online or offline
  • Data protection with strong policy-based container security
Increased productivity
  • Faster image development and deployment; frequent image updates
  • Rejuvenation by users reduces tech support tickets while allowing users to fix damage caused by viruses – in less than a minute
  • Image updates are seamless and nonintrusive to users
Higher ROI
  • Reduced labor cost for image creation, systems support, desktop deployment
  • Low cost, lightweight infrastructure
  • Increased productivity by:
  • Improving preparation time for new laptop deployment, from weeks to less than a day
  • Enabling image updates from weeks to minutes



M5 BareMetal is LivePC sitting on the M5 Player installed directly onto the hardware. Leveraging a completely locked down Linux/Ubantu infrastructure, M5 BareMetal/Player offers the most stringent endpoint security for corporate-owned computing devices. Key capabilities include:

Local execution. BareMetal ensures user productivity both online and offline by enabling users secure access to corporate applications and data from most popular computer models and makes.
BareMetal security.

  • Very low attack surface due to locked-down Linux kernel with all services disabled and non-essential components removed
  • Users boot from a signed, read-only ISO image that limits exposure to malware, since any changes to the system that are not part of the M5 LivePC or Moka5 Player are erased on every reboot
  • Fearless Browser allows users to run a highly secure web browser in private browsing mode designed for connection to untrusted wireless access points in public places
  • Enterprises can use M5 BareMetal with 802.1x wired authentication as an additional security barrier, preventing corporate network connection from guest, rogue, or unmanaged computers that fails authentication


Secure container. Key protection features include:

  • AES 256 encryption for the container
  • Active Directory integration for user authentication
  • Two-factor authentication
  • The ability to temporarily revoke or permanently kill the corporate container on any endpoint
  • Data leakage controls that can manage things like USB access to intellectual property


Policy-enforcement. More than 130 management and security policies on a single, unified platform that can be optimized for all enterprise environments and requirements.
Layering architectureM5 layering separates a monolithic enterprise desktop image into virtual layers that can be managed individually.

  • Dynamically composited layers provide a single unified view of the system.
  • Standardization on a golden image, also called the system layer, consisting of a Windows OS and corporate applications shared by all users.
  • Separation of user data and user-installed applications from the golden image gives end-users the ability to personalize their workspaces with user-installed applications and user-generated data.


Rejuvenation. Layering enables quick self-recovery, so users can easily restore the system and user-installed application layers after a malware attack while preserving the personal data layer.
Zero touch, automatic updates of delta changes to the system layer simplify all on-going patch and corporate application updates.