In this second part of our exclusive video interview recorded at VMworld2008 in Las Vegas, the Citrix XenSource CTO denies that there is more than a ‘fabulous partnership’ between Microsoft and Citrix. In his typical outspoken style, Simon Crosby does not see his competitor VMware take off into the clouds with vaporware. He remains an advocate for open standards and shines his light on Virtualization security issues (aka VirtSec by the insiders).
A full transcript of the interview is below and the first part of our interview can be viewed here.
(00:00) Simon, in the blogosphere there are these ever mounting rumors about Microsoft and Citrix. What can you comment on that relationship? Add Cisco, VMware and you’ve got a complicated puzzle.
(00:10) It’s intriguing though. Many people see a lot of interesting things going on there, what can you say about that?
So our partnership with Microsoft is great. I mean fabulous. Microsoft makes a ton out of everything of what Citrix does and they give us scale and we basically take the platform, extend its feature set. We’ve done this for years. It turned out to what XenSource was doing in Virtualization with Microsoft, very similar to the traditional Citrix model of working closely with Microsoft to extend the platform and deliver a bunch of features. So we do that today and so we’re partners in Virtualization for XenDesktop and runs great on Hyper-V, runs great on XenServer and you know, that’s a terrific partnership. We’ve partnered also in the area of Virtualization generally and interoperability is key. But XenServer in the platinum edition, not generally known, has the ability to run VMs on VMware or Hyper-V or Xen or even bare metal. Okay, so once you’ve taken your VMs and centralized them into a central repository, we can boot them and run them on anything, right? Which allows us to extend the concept of Virtualization beyond just Xen, to other hypervisors and even bare metal.
(01:23) If we go back to the cloud concept, because that has been buzzing this industry for a few months now. What I find quite intriguing is that there’s no standards. Every cloud has its own APIs and with VMware launching its newest product line (vCloud). It’s not very clear what those APIs are going to look like, nor when we’re going to have them. Xen is also moving in that direction with CCC or C3 (Citrix Cloud Center).
Yeah, though not from an API perspective. I agree with you that the APIs are an important one and the ABI. That is compatibility between the enterprises that counts a big deal. The VMware announcement yesterday, the demonstration around the clouds, the big bullet point on Paul Maritz’s slide was compatibility, okay? Which basically says that every cloud is going to have to buy VMware. You know what? It’s just not going to happen, okay? So compatibility is an important concern. It’s really important that enterprises that adopt Virtualization know that their VMs will run great in their enterprise but also in the cloud and if the only way we can achieve that is if everybody buys VMware, I can tell you the industry is sunk. That’s not going to happen. So compatibility is an important consideration. OVF is a great component of that and I think it gives us a good way of migrating that whole process.
(02:43) Do you think that the DMTF is a good standards body to also look into APIs that the vendors agree upon from Amazon to Citrix?
(02:50) Simon Crosby: I’m not so sure about the Amazon guys. You should go out and speak to Werner on that. But in general, you know Amazon is very open to moving towards standard based APIs, kind of an innovator out there. But VMware, to give them credit, is doing a great job in the DMTF. They really are. So, I got to tell you that I’m not a fan of LibVirt you know in the Linux world, it doesn’t have strong semantics. It doesn’t have like a well-defined API or ABI but the DMTF world is moving forward terrifically, yeah very good.
(03:24) Virtualization was a way of abstracting. Now clouds are another way of abstracting?
They are just another hypervisor platform for me.
(03:34) What about an OS. What would be your definition, VMware is calling it an OS?
Oh, the data center OS?
(03:42) Interviewer: How do you define such an OS? Do you consider it an OS, a framework or an API set?
You know what? I think it’s vaporware, right? So let’s be real for a bit, there are several key things that people want to achieve. They want to achieve greater agility, greater dynamism, and greater security. There are a lot of ways to get there. But defining a data center OS based on a product which has got a single point of failure, isn’t the way to get there. There are very interesting technologies that one can bring to solve that problem. In general, I don’t think they (VMware) have them. Now, it differs between enterprises and clouds on how you want to do this. Enterprise IT runs in a very different way than the cloud. So we know today that NetScalers drives automatically very large files, that is we can use NetScalers sitting in the application hard drive to dynamically move traffic between machines whenever machine fails, between data center whenever data center fails and on the fly bring up new VMs and servers on the basis of need. Because we can watch the application response times and drive the data center in that way. That is in particular like a kind of cloud architecture. There are some enterprises adopting it. But a data center OS which is built in the management domain out of a bunch of stuff which is really just managing software. I don’t buy the concept. It’s an important concept that people start to think about, that is agility and dynamism and data center reintroduce a whole bunch of complexities but it isn’t here yet.
(05:14) Maybe to finish off, you mentioned security?
(05:18) How do you see that evolve? It’s one of the major concerns of these people. How do you secure Virtual issues? How do you make absolutely sure that they can’t break out?
There are three things here, one of them is how do you secure the guests? How do you secure the hypervisor? And how do you virtualize the security function generally, okay? So let’s start. How do you secure the guest? You know, the basic capabilities of inspecting the traffic, block an I/O, everybody can do that. That’s straightforward. VMware took it one step further with VMsafe which allows their plug-in security appliances to inspect the memory of running guests. The black hat folks just don’t like this approach, okay? We have an equivalent thing in open source that the big scary moment is if you compromise that interface, you can get hold of any memory of any guest. It’s really, really scary. So you have to do better than that, you know.
But in general, virtualizing the security function is thought very open area and Chris Hoff has a perfect take on this, you know it’s very, very early days and has a ton of work to do. Moreover, as I/O starts to go back into hardware so we just get IOV devices coming. None of those security appliances gets to look at the traffic anymore, so it’s going to be very interesting. So all has to get down again. Securing a hypervisor, we’re absolutely concerned about that. That is one of our key focuses, I guess VMware is concerned about it. They have a big code base. I think one of their big things that they do is they went from you know ESX to ESXi was to ditch the console OS which is a major headache for them. You know we’re down onto tens of megabytes in software now, generally written onto read-only flash and we focus manically on securing our box, right? That’s absolutely what we have to do. Now can we make guests more secure? Absolutely we can do that and that’s the next big one which is how you can use the Virtualization platform itself and Virtualization to provide greater security for the workload while it’s running and through its life cycle. So once you separated the software from the server, can I take a guest to walk out of the building without a memory stick? That’s an interesting question.
(07:31) Simon, I’d like to thank you for the time you’ve given us and for the straight talk and your views on Virtualization and everything around it. See you.