Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Search Results for: simon crosby

Video: Interview Simon Crosby, CTO of XenSource – Citrix (VMworld 2008) part 2/2

by 1 Comment

In this second part of our exclusive video interview recorded at VMworld2008 in Las Vegas, the Citrix XenSource CTO denies that there is more than a ‘fabulous partnership’ between Microsoft and Citrix. In his typical outspoken style, Simon Crosby does not see his competitor VMware take of into the clouds with vaporware. He remains an advocate for open standards and shines his light on Virtualization security issues (aka VirtSec by the insiders).

.
A full transcript of the interview is below and the  first part of our interview can be viewed here.

(00:00) Simon, in the blogosphere there are these ever mounting rumors about Microsoft and Citrix. What can you comment on that relationship. Add Cisco, VMware and you’ve got a complicated puzzle.

It is.

(00:10) It’s intriguing though.  Many people see a lot of interesting things going on there, what can you say about that?

So our partnership with Microsoft is great.  I mean fabulous.  Microsoft makes a ton out of everything of what Citrix does and they give us scale and we basically take the platform, extend its features set. We’ve done this for years.  It turned out to what XenSource was doing in Virtualization with Microsoft, very similar to the traditional Citrix model of working closely with Microsoft to extend the platform and deliver a bunch of features.  So we do that today and so we’re partner in Virtualization for XenDesktop and runs great on Hyper-V, runs great on XenServer and you know, that’s a terrific partnership.  We’ve partnered also in the area of Virtualization generally and interoperability is key. But XenServer in the platinum edition, not generally known, has the ability to run VMs on VMware or Hyper-V or Xen or even bare metal. Okay, so once you’ve taken your VMs and centralized them into a central repository, we can boot them and run them on anything, right?  Which allows us to extend the concept of Virtualization beyond just Xen, to other hypervisors and even bare metal.

(01:23) If we go back to the cloud concept, because that has been buzzing this industry for a few months now.  What I find quite intriguing is that there’s no standards.  Every cloud has its own APIs and with VMware launching its newest product line (vCloud).  It’s not very clear what those APIs are going to look like, nor when we’re going to have them.  Xen is also moving in that direction with CCC or C3 (Citrix Cloud Center).

Yeah, though not from an API perspective. I agree with you that the APIs are an important one and the ABI.  That is compatibility between the enterprises that counts a big deal. The VMware announcement yesterday, the demonstration around the clouds, the big bullet point on Paul Maritz slide was compatibility, okay? Which basically says that every cloud is going to have to buy by VMware.  You know what?  It’s just not going to happen, okay?  So compatibility is an important concern.  It’s really important that enterprise that  adopt Virtualization know that their VMs will run great in their enterprise but also in the cloud and if the only way we can achieve that is if everybody buys VMware, I can tell you the industry is sunk.  That’s not going to happen.  So compatibility is an important consideration.  OVF is a great component of that and I think it gives us a good way of migrating that whole process.

(02:43)  Do you think that the DMTF is a good standards body to also look into APIs that the vendors agree upon from Amazon to Citrix?

(02:50) Simon Crosby:  I’m not so sure about the Amazon guys. You should go out and speak to Werner on that. But in general, you know Amazon is very open to moving towards standard based APIs, kind of an innovator out there. But VMware, to give them credit, is doing a great job in the DMTF.  They really are.  So, I got to tell you that I’m not a fan of LibVirt you know in the Linux world, it doesn’t have strong semantics.  It doesn’t have like a well-defined API or ABI but the DMTF world is moving forward terrifically, yeah very good.

(03:24) Virtualization was a way of abstracting. Now clouds are another way of abstracting?

They are just another hypervisor platform for me.

(03:34) What about an OS.  What would be your definition, VMware is calling it an OS? 

Oh, the data center OS?

(03:42) Interviewer:  How do you define such an OS?  Do you consider it an OS, a framework or an API set?

You know what?  I think it’s vaporware, right?  So let’s be real for a bit, there are several key things that people want to achieve.  They want to achieve greater agility, greater dynamism, and greater security. There are a lot of ways to get there. But defining a data center OS based on a product which has got a single point of failure, isn’t the way to get there.  There are very interesting technologies that one can bring to solve that problem. In general, I don’t think they (VMware) have them.  Now, it differs between enterprises and clouds on how you want to do this. Enterprise IT runs in a very different way than the cloud.  So we know today that NetScalers drives automatically very large files, that is we can use NetScalers sitting in the application hard drive to dynamically move traffic between machines whenever machine fails, between data center whenever data center fails and on the fly bring up new VMs and servers on the basis of need. Because we can watch the application response times and drive the data center in that way.  That is in particular like a kind of cloud architecture. There are some enterprise adopting it. But at data center OS which is built in the management domain out of a bunch of stuff which is really just managing software.  I don’t buy the concept.  It’s an important concept that people start to think about, that is agility and dynamism and data center reintroduce a whole bunch of complexities but it isn’t here yet.

(05:14) Maybe to finish off, you mentioned security?

Yeah.

(05:18) How do you see that involve, it’s one of the major concern of these people.  How do you secure Virtual issues?  How do you make absolutely sure that they can’t break out?

There are three things here, one of them is how do you secure the guests?  How do you secure the hypervisor?  And how do you virtualize the security function generally, okay?  So let’s start. How do you secure the guest?  You know, the basic capabilities of inspecting the traffic, block an I/O, everybody can do that.  That’s straightforward.  VMware took a one step further with VMsafe which allows their plug-in security appliances to inspect the memory of running guests.  The black hat folks just don’t like this approach, okay?  We have an equivalent thing in open source that the big scary moment is if you compromise that interface, you can get hold of any memory of any guest.  It’s really, really scary.  So you have to do better than that, you know. 

But in general, virtualizing the security function is thought very open area and Chris Hoff has a perfect take on this, you know it’s very, very early days and has a ton of work to do.  Moreover is I/O starts to go back into hardware so we just get IOV devices coming.  None of those security appliance gets to look at the traffic anymore, so it’s going to be very interesting.  So all has to get down again.  Securing a hypervisor, we’re absolutely concerned about that.  That is one of our key focuses, I guess VMware is concerned about it.  They have a big code base.  I think one of their big things that they do is they went from you know ESX to ESXi was to ditch the console OS which is a major headache for them.  You know we’re down onto tens of megabytes in software now, generally written onto read-only flash and we focus manically on securing our box, right?  That’s absolutely what we have to do.  Now can we make guest more secured?  Absolutely we can do that and that’s the next big one which is how you can use the Virtualization platform itself and Virtualization to provide greater security for the workload while it’s running and through its life cycle.  So once you separated the software from the server, can I take a guest to walk out of the building without a memory stick?  That’s an interesting question.

(07:31) Simon, I’d like to thank you for the time you’ve given us and for the straight talk and your views on Virtualization and everything around it.  See you.

Video: Interview Simon Crosby, CTO of XenSource – Citrix (VMworld 2008) part 1/2

by 3 Comments

Below is the first part of our exclusive video interview recorded at VMworld2008 in Las Vegas, where Citrix XenSource CTO Simon Crosby tells us where he sees Virtualization going in general and shares his view on the future of security, networking and I/O virtualization in particular.

.
Feel free to check on the I/O Virtualization vendors we covered in the past, such as 3Leaf, Neterion, NextIO, VertenSys with Neterion or Xsigo.

A full transcript of the interview is below. you might want to check on our previous chat with Simon at VMworld Europe 2008 in Cannes to see if what he claims is consistent on both sides of the atlantic.

(00:11) Simon Crosby, you’re the CTO, Virtualization and Management Division at Citrix.  What are the next challenges you see coming up in Virtualization?

Simon Crosby: So Virtualization today is server only, right?  So in fact the question to me is “where does Virtualization go generally”?  The technology works superbly for clients.  It applies in terms of virtualizing the client device and it works great in PDAs and various other mobile internet devices and so on.  So Virtualization is going down that path.  Xen already runs on all machines of that category and does so with great performance.  So now we can expose real devices, models, straight up to Windows and so on and we can get terrific performance.  So Virtualization technology will go much more broadly into the execution environments.  Virtualization adoption by enterprise It’s a big, big change, right?  Because everything changes.  So just to get beyond 10% or 12 or whatever adoption percentage we are at right now, the whole of the enterprise IT process has to be rethought.

(01:13) Where do you see the real challenges when it comes to security and virtualization and how can you organize those?

Today, I think you know we do a pretty good job of pulling in the storage and the compute side of it, that is we dynamically drive storage for virtualization.  Networking is still way out there.  I mean because the security folks want to know exactly where the bump in the wire is. Arguably as you move the virtual machines around in the data center because of those network security policies you got to follow them.  That doesn’t happen yet.  So, all of that has  to change but as you start to do this, people who got a very rational concern for knowing where things are, that they are secured, that they die when they should and all that sort of stuff, right?  And so, the general complexity that virtual machines bring is that our appetite for computers have not gone down.  There are more VMs than there are physical servers.  They live some place you don’t generally know where.  At any point in time, you need to find the darn thing.  Check if it’s secured.  Check if it’s updated.  Manage it through its life cycle and then throw it away securely.  So it actually complicates things.  So the great thing by Virtualization is we now get as a bunch of IT vendors, to go and redo it all and do it right and do it better and that’s the opportunity.

(02:34) Now Simon, one of the major announcements here at VMworld was that, VMware together with Cisco, they’ve launched VN-link which is a new standard for networks to become virtual machine aware.  What’s your point of view on that, on this merging of virtual network solutions and standards in that field?

The fundamental driver here is Moore’s law., So we get more and more and more VMs per server.  That means that the switch technology that we use in the virtualized platform in general, has to become more and more like a network based switch.
So that’s a good observation.  Therefore, all of the separation and other policies that you want to have in a network have got to follow your VMs, right?  So there is an interesting question of what you do there?  Now the VMware virtual switch (indeed there is one in XenServer too) are based on the bridge code that came out of Linux. We modified  so it can support VLANs and everything else, but that’s where it came from.  So there’s a very rational question as to how this evolves over the time?  Now, the technology that’s coming down the wire is essentially IOV. If you do SRIOV..

03:35 Could you quickly explain what IOV and SRIOV stand for?
SRIOV stands for single root I/O virtualization.  It’s the I/O Virtualization standard coming out of the PCI SIG and with that, essentially you introduce the ability for a NIC-card to have a full layer 2 switch on it.  So what’s going to happen is that it’ll all move to hardware. And those layer 2 switches will look like existing real physical switches in your Ethernet, okay?  And so, in general, you know we have to have the same ability to control those and manage them as we do with our physical network infrastructure today.

IDC Virtualization Forum West: Simon Crosby (Citrix / Xensource)

by Leave a Comment

This article is part of a series of guest posts by investor, Open Source pioneer and the creator of the Concurrent Versions System Brian Berliner. The original posts, recapping much of what was said at the IDC Virtualization Forum West in San Francisco, have also been published on Brian’s blog.

Simon Crosby, formerly the Founder & CTO of XenSource and, since the acquisition, now the CTO of the Virtualization & Management Division at Citrix, did a very nice job with the morning’s kick-off sponsor presentation at the IDC Virtualization Forum West conference.

Some takeaways that I found interesting:

  • Virtualization is not an end-goal in and of itself. Virtualization is a feature set and simply serves a role in IT Application Delivery.
  • Simon took a few jabs at VMware and, why not? Citrix/XenSource is now squarely positioned as the #2 contender. When you have the chance, you take a shot at the big boy. And, VMware is a big boy, to be sure. Simon said, “This is the year the world strikes back” (against VMware, I presume).
  • Simon also said, of one of the sleeping dogs in the Virtualization space, “Microsoft is going to radically change the environment for virtualization”. Presumably with their Hyper-V solution and their partner muscle.
  • About the movement of the hypervisor into the firmware of server (and at some point), client computers: “Where this feature ends up is still in play — in the OS, or in the hardware”. Personally, I think the answer is clear. Hypervisors are becoming commoditized and will become a component of the hardware/firmware/BIOS. It can’t be stopped.
  • Citrix will create a set of Open Extension API’s for Value Added Dynamic Infrastructure Services. Basically a way for third-parties to interact with the lower layers as part of building a truly dynamic data center (which, EVERYONE is talking about getting to at the conference) – Something that we predicted while building the business plan for Cassatt in 2003. The industry/market is absolutely catching up.
  • I think I heard that XenDesktop will be released in Q2 of this year (i.e., soon).
  • On the issue of scaling the virtual desktop infrastructure: “When I talk about scale, the Desktop scales way worse than any Data Center”. He cited a customer example where the customer has 250,000 desktop PC’s. They absolutely DO NOT want to have 250,000 Virtual Machines! The Citrix approach to scale here is intriguing (and quite likely correct): Break the OS from the Configuration from the Applications. Assemble them in real time for the desktop virtual machine. Result is 1 (or a handful) of OS images that you have to deal with and patch in order to update thousands of desktop machines. Much better scale solution.

I liked what Simon had to say about the virtualization landscape. It is very clear that the choice of Citrix as their acquirer was a good one. Lots of good synergies between the companies.

I had lunch with Simon as well, and we continued the discussion. I was impressed with his understanding of the customer requirements and political challenges to the rollout of a virtualized infrastructure.

[Original post can be found here]

Video: Interview Simon Crosby, CTO of XenSource – Citrix (VMworld Europe 2008)

by 3 Comments

The interview below is part of our Virtualization Video Series, a recurring theme we want to implement on Virtualization.com featuring interviews with key players from the industry, event reports, etc.

This interview was recorded at VMWorld Europe 2008 in Cannes, France, and features Simon Crosby, CTO of XenSource (Citrix).

DivX HD 1280×720 3.5mbit/s: Play (pop-up)
WMV HD 1280×720 3.5mbit/s: Play (pop-up)

Flash versions: Blip (embedded below), Myspace, Putfile, Revver, Sevenload, Vimeo, Youtube

Interviewer: Tarry Singh
Video blogger: Charbax

Who Owns Virtualization Security? The Hoff/Crosby Debate

by 5 Comments

We’ve decided to cross-publish a blog post by Gregory Ness, VP of Marketing for Blue Lane Technologies, because we think it delivers a good insight in the whole Hoff/Crosby debate about virtualization security (virtsec, if you will).

Gregory NessLast year when I blogged about the impact of virtsec on the world of static security I focused on how virtualization could degrade the effectiveness of security solutions. Since then we’ve seen a surge of vendor marketing around virtualization security (virtsec), from a growing corral of one trick pony start-ups with various Barney announcements (“I love you, you love me…”) to the likes of the world’s leading security companies joining VMware’s unprecedented, visionary VMsafe initiative.

Last month I blogged about data center security’s key requirements, which included virtsec. My point was that virtsec will require more intelligence and agility than perimeter network security, because it will need to be deployed within the hypervisor layer and will consume hypervisor resources. Simply moving deep packet regular expression inspection engines into the hypervisor layer could add big hypervisor footprints and/or unacceptable levels of latency. These problems aren’t new; they’ve been hidden by faster and faster dedicated hardware at the network perimeter.

That’s why I found a recent virtsec blog exchange between Hoff and Crosby so disconcerting. Two brilliant guys with two very different perspectives are arguing about the ownership and accountability of virtualization security. Chris Hoff is a security guru with a sizable following who has been among the most vocal on the virtsec challenge. Security blogger Rothman calls Hoff Captain Virtual because he has been on a tear when it comes to the blog debate around virtsec.

Simon Crosby is leading the virtualization charge for Xen/Citrix and he insists that virtualization platform vendors should stay focused on securing their platform versus the new infrastructure they’re enabling. Like Chris, Simon is one very smart guy with a deep technology background in virtualization. And from Simon’s perspective he doesn’t sound unreasonable.

The virtualization security debate thus far has had so many issues swept underneath it by various parties that it resembles a lumpy rug. Simon and Chris are exposing some of the lumps as they humor each other with comments about smoking cigars from the wrong end and the following (from Hoff):

“Focusing only on your little patch of grass is short-sighted and it won’t work. Just like it hasn’t worked in the past. It’s a disaster waiting to happen, and you’re enabling it”. – Hoff

The problem isn’t that these two very smart guys disagree; it’s rather that this disagreement promises to play itself out on a micro-level in enterprises around the world, as I commented last year in “VM Security- The Keys to the Virtualization Kingdom.” And no one stands to win, except those hoping for a slow adoption.

Perhaps Rothman is right to suggest that security will stay tactical and reactionary when it comes to virtsec, because that has been the recent history of netsec on many fronts. Yet if virtsec isn’t done right it could jeopardize the very flexibility and efficiency that virtualization enables. Strategic virtsec is an enabler of growth; tactical virtsec is a rocky road.
Rothman’s scenario seems to anticipate the rocky road: the slow and grinding deployment of hypervisors in production stretched out for years, as tactical decisions and budgets respond to new risks and events driven by cycles of hacks, reactionary regulatory responses and internal operations and security discussions. Feels a lot like the status quo today, doesn’t it? I hope he’s wrong.

The colorful and spirited debate between Hoff and Crosby is very symbolic of the issues we’ve discussed here since my initial virtsec blog in Feb 2007.

Unfortunately I think this debate risks becoming a metaphor for production data center virtualization; it feels to me like two different worlds colliding in a potentially myopic haze of finger-pointing and original sin debates. That scenario will not help Citrix/Xen virtualize production environments, and I think that is why Hoff’s points bear such weight. And I’m not sure that Crosby gets this given his thoughtful and understandable Mother of All Misunderstandings response to Hoff.

I think the mother of all misunderstandings is about to play itself out as “a funny thing happened on the way to the datacenter” scenario. When Caesar crossed the Rubicon he knew his security profile would change, but he still underestimated the Senate. If Citrix doesn’t show leadership (ala VMware and VMsafe, etc.) and instead talks about security as “other people’s problems” its growth in the data center could experience a thousand cuts Caesar style as internal conflicts and strife within customers (between the Hoff’s and Crosby’s) could demonize the incredible and undeniable power of virtualization to enhance data center security.

The virtualization and security vendors can either lead on this issue as an opportunity to enhance security today or merely create awareness around the new risks and dynamics and talk about far-off solutions that may one day work when the market matures. One strategy will lead to the faster deployment of hypervisors in production; the other will fulfill Rothman’s prediction.

Virtualization is a massive opportunity to escape the cycle of attack followed by tactical/regulatory response and establish a new order, with security pros getting powerful, flexible new capabilities to protect systems. That will require leadership and new thinking and a full appreciation by those who don’t want to relive the past. Security may turn out to be strategic to virtualization in ways that it couldn’t be strategic to the network. The hypervisor layer is perhaps the most substantial strategic security opportunity in many years. Let’s hope we leverage it to its fullest.

Security Virtualization Startup Raises $9.2 Million Series A

by Leave a Comment

Bromium, emerging from stealth mode to develop technology in the areas of virtualization and security, has announced it has closed a $9.2 million series A round of funding with Andreessen Horowitz, Ignition Partners and Lightspeed Venture Partners.

Founded by Gaurav Banga, Simon Crosby and Ian Pratt, Bromium is focused on the delivery of infrastructure solutions that permit enterprises to safely embrace two major trends in IT: consumerization and cloud computing.

The Bromium Board of Directors is drawn from business leaders and technologists with extensive experience in infrastructure software, virtualization and security: Peter Levine, venture partner at Andreessen Horowitz; Frank Artale, managing director at Ignition Ventures; and George Kurtz, worldwide CTO and executive vice president at McAfee. Bromium has already attracted top engineering talent from Microsoft, VMware, Oracle, McAfee and NVIDIA.

Prior to founding Bromium, CEO Gaurav Banga was CTO and SVP, Engineering at Phoenix Technologies. Simon Crosby (co-founder and CTO) joins Bromium from Citrix, where he was CTO of the Data Center & Cloud Division. He joined Citrix through the acquisition of XenSource in 2007, which he also co-founded and led as CTO.

Ian Pratt (co-founder and SVP Products) is the chairman of Xen.org and was co-founder of XenSource. Prior to Bromium, he served as vice president of advanced products in the Virtualization and Management Division at Citrix.