Citrix: Why hypervisor dominance matters

As Microsoft, Google and Amazon jostle for control of the public cloud, Citrix chief technology officer Simon Crosby talks about AWS's prominence, hypervisors and the threat of VMware dominance
Written by Jack Clark, Contributor

In January, Citrix announced plans to make its XenServer products more compatible with partner Amazon Web Services' cloud, to help enterprises with XenServer-virtualised datacentres to easily hook into the public cloud.

That compatibility approach contrasts with that taken by Citrix's virtualisation rival VMware, which concentrates its cloud efforts on end-to-end solutions and makes its pitch for the enterprise by building services on top of its own hypervisor. For its part, Citrix focuses its enterprise efforts on its free Xen hypervisor and its involvement in the open-source and open-standards OpenStack cloud.

Simon Crosby, Citrix's chief technology officer for the datacentre and cloud, has a long history with the Xen hypervisor: he was tech chief at XenSource, which developed the Xen hypervisor, when the Cambridge-based company was acquired by Citrix in 2007.

Crosby explained to ZDNet UK why VMware's approach can encourage enterprise lock-in, why Amazon Web Services (AWS) has a potent lead in the cloud and why a major change is needed in the approach to cloud security.

Q: Is there such a thing as hypervisor dominance?
A: In cloud it's definitely Xen, and in enterprise it's definitely VMware.

Why does hypervisor dominance matter?
Because the VMware play is 100-percent based on its hypervisor only. To the extent the enterprise might care about being locked into a specific vendor, it does matter.

If I happen to have purchased VMware for my enterprise private server world, will I be able to use a cloud service from Rackspace or Fujitsu or Amazon? If it is providing very sticky services, am I locked into my VMware world?

People are terrified of what AWS can do.

In effect, [VMware has] trained the enterprise IT class to use the VMware management tools, and that skillset issue is important. If I'm in IT using VMware management tools, am I going to switch to something else running in the cloud? There's the human aspect as well: my humans are trained with VMware, so am I to train my humans to use Rackspace or Amazon?

My bet is that the innovation in a non-VMware world is greater than the innovation rate that VMware can sustain. There's a tonne of cool stuff coming that's not VMware. For example, I could consume ESXi, which is a free hypervisor [developed by VMware], and build the rest of the stack out of open-source software, making a mixed stack.

The choice of hypervisor is an interesting one. You'll find some KVM and some Xen, maybe some Hyper-V and even some VMware. But people are building these services through the consumption of open-source software, and OpenStack is the banner under which it is aligning.

OpenStack is about delivering the architecture for the massive cloud with rich networking services and security, and the ability to do things such as auto-scaling and a bunch of cool things you would typically expect to find in an Amazon infrastructure. The collaborators there are really interesting, so OpenStack is moving forward very, very fast.

What do you see happening for the cloud over the next decade? Could it be one composed of huge vendors and a few niche players?
I can see that happening. If you look at AWS, it is extremely powerful and here's why: the company produces its own infrastructure, builds its own servers and operate its own datacentres worldwide. It has enormous capacity.

In addition to that, AWS is an extremely smart and agile software-as-a-service (SaaS) company. It is adding services to that, and that is extremely sticky. Really, people are terrified of what AWS can do.

If you look at hosting [specialists] — and that would include Rackspace — they don't invent stuff, they just operate stuff at scale.

The rest of the bigger ones [cloud providers] are going to chase [AWS] and provide some sort of offering. It could look like a VMware offering. The challenge a service provider faces in that is that it is offering another company's product: VMware's.

Obviously there's Microsoft with Azure. But Azure is going to be highly Windows-focused — .NET and from a virtualisation perspective, Windows Server 2008 R2. Azure is still very much a work in progress, but I think Microsoft will do very well with its BPOS [Business Productivity Online Suite], and it will do well for specific enterprise apps.

Why is Amazon Web Services so dominant?
It operates at enormous scale; it builds its own stuff; it has all of the competitive advantages of, say, a Google, because it can put together a server for a couple of hundred bucks, and that gives them an enormous scale advantage.

As an e-commerce provider, it has grown an infrastructure that...

...can withstand two simultaneous datacentre failures. Then it figured out what it needed to do was build a cloud to run Amazon.com. Then it realised: "Oh gosh, we can sell this too."

Citrix hypervisor Simon Crosby

Citrix focuses its enterprise efforts on its free Xen hypervisor and OpenStack. Photo credit: Coolcaesar/Wikimedia Commons

That was to its advantage, but also to its disadvantage because [Amazon developers] were not familiar with the virtualisation needs of the enterprise — there's no concept of virtualisation fault tolerance.

It offers geographic diversity, enormous connectivity and, therefore, it is a bastion of defence against attacks; it doesn't give a blink when Anonymous throws a 10Gbps denial-of-service attack.

What about Google's efforts with Google App Engine (GAE)?
Amazon's advantage there is it started with the nuts and bolts — which is compute, network and storage — so it can build sticky services and emerge with a platform that's very sticky. With RDS [Relational Database Service], for a single API call, you get a gigabyte database with a 15-day rollback and huge granularity, and all you pay for is storage. That is hugely sticky.

[AWS is] building infrastructure components that are lower level than the PaaS [platform-as-a-service] level, which are incredibly rich and very, very sticky. Therefore it's winning the hearts and minds of people who want to build big web apps.

GAE does not have a fundamentally compelling reason to go and do it — it's just a place to run a service.

What would consolidation mean for the cloud sector?
You wonder whether there will be consolidation as more telecoms pick up enterprise-focused infrastructure-as-a-service plays.

If you talk about enterprise customers adopting cloud, their concern is security, security, security, by a long shot. If you look at the emerging cloud players, the biggest challenge [is] their ability to secure the customer's workload. Where a start-up cloud might struggle to provide sufficient proof that its offerings were secure, a large carrier might have more heft with that process.

AWS is building infrastructure components that are incredibly rich and very, very sticky. It's winning the hearts and minds of people who want to build big web apps.

What about security?
Security is one of the areas where virtualisation is going to have a profound effect. VMware is now a security vendor. All of these VMs [virtual machines] and such are on the same server, [so] the right place to implement security is on the server.

The first step has been to get the security vendors to re-vector their offerings to be infrastructure specific and not end-point specific. Running security per VM does not scale well, so that's important. [It's] now going to market — certainly McAfee and Trend Micro are in the market.

Step two is very interesting, [given] we have not seen a credible hypervisor-specific offering in security. For Xen, we have been working with McAfee and others, and within the year you will find the Xen hypervisor providing security to the VMs hosted on it.

We are moving away from finding the bad guys — the blacklisting approach is basically failing. [Instead, we will check] that the code that is running has not changed since it was signed.

Granular whitelisting down to the object level and the page level within the hypervisor is certainly something the hypervisor will assist with, and that is something you will see in the coming year.

It seems to me that enterprises will demand that their storage is encrypted at all times in the cloud, and that it is encrypted and decrypted on the fly, and that the keys are held by the enterprise.

We're moving down that path, it's absolutely correct to say that security-as-a-component of infrastructure is a big change coming.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards