Below is the first part of our exclusive video interview recorded at VMworld 2008 in Las Vegas, where Citrix XenSource CTO Simon Crosby tells us where he sees Virtualization going in general and shares his view on the future of security, networking and I/O virtualization in particular.
A full transcript of the interview is below. You might want to check our previous chat with Simon at VMworld Europe 2008 in Cannes to see if what he claims is consistent on both sides of the Atlantic.
(00:11) Simon Crosby, you’re the CTO, Virtualization and Management Division at Citrix. What are the next challenges you see coming up in Virtualization?
Simon Crosby: So Virtualization today is server only, right? So in fact the question to me is “where does Virtualization go generally”? The technology works superbly for clients. It applies in terms of virtualizing the client device and it works great in PDAs and various other mobile internet devices and so on. So Virtualization is going down that path. Xen already runs on all machines of that category and does so with great performance. So now we can expose real devices, models, straight up to Windows and so on and we can get terrific performance. So Virtualization technology will go much more broadly into the execution environments.
Virtualization adoption by enterprise
It’s a big, big change, right? Because everything changes. So just to get beyond 10% or 12 or whatever adoption percentage we are at right now, the whole of the enterprise IT process has to be rethought.
(01:13) Where do you see the real challenges when it comes to security and virtualization and how can you organize those?
Today, I think you know we do a pretty good job of pulling in the storage and the compute side of it, that is we dynamically drive storage for virtualization. Networking is still way out there. I mean because the security folks want to know exactly where the bump in the wire is. Arguably as you move the virtual machines around in the data center because of those network security policies you got to follow them. That doesn’t happen yet. So, all of that has to change but as you start to do this, people who got a very rational concern for knowing where things are, that they are secured, that they die when they should and all that sort of stuff, right? And so, the general complexity that virtual machines bring is that our appetite for computers has not gone down. There are more VMs than there are physical servers. They live some place you don’t generally know where. At any point in time, you need to find the darn thing. Check if it’s secured. Check if it’s updated. Manage it through its life cycle and then throw it away securely. So it actually complicates things. So the great thing by Virtualization is we now get as a bunch of IT vendors, to go and redo it all and do it right and do it better and that’s the opportunity.
(02:34) Now Simon, one of the major announcements here at VMworld was that, VMware together with Cisco, they’ve launched VN-link which is a new standard for networks to become virtual machine aware. What’s your point of view on that, on this merging of virtual network solutions and standards in that field?
The fundamental driver here is Moore’s law. So we get more and more and more VMs per server. That means that the switch technology that we use in the virtualized platform in general, has to become more and more like a network based switch.
So that’s a good observation. Therefore, all of the separation and other policies that you want to have in a network have got to follow your VMs, right? So there is an interesting question of what you do there? Now the VMware virtual switch (indeed there is one in XenServer too) are based on the bridge code that came out of Linux. We modified so it can support VLANs and everything else, but that’s where it came from. So there’s a very rational question as to how this evolves over the time? Now, the technology that’s coming down the wire is essentially IOV. If you do SRIOV..
(03:35) Could you quickly explain what IOV and SRIOV stand for?
SRIOV stands for single root I/O virtualization. It’s the I/O Virtualization standard coming out of the PCI SIG and with that, essentially you introduce the ability for a NIC-card to have a full layer 2 switch on it. So what’s going to happen is that it’ll all move to hardware. And those layer 2 switches will look like existing real physical switches in your Ethernet, okay? And so, in general, you know we have to have the same ability to control those and manage them as we do with our physical network infrastructure today.