VMware: Security is the biggest challenge

Virtualisation puts an enterprise's eggs into one basket - so it had better be a really good basket, argues VMware CTO Stephen Herrod, as he discusses the impact of mobility on virtualisation
Written by Jack Clark, Contributor

At VMware, Stephen Herrod's main focus is making sure the virtualisation specialist can develop technologies that embrace mobile devices, but still maintain the security that enterprises need if they are to virtualise all their data.

The chief technology officer's greatest worry is that as companies consolidate their data into VMware-based infrastructures, the ramifications of a security problem with the technology grow.

Ultimately, Herrod says he would like to see a world of total data flexibility, where applications are sent to devices according to the identity of the user, and the whole is brokered by a cloud-based service. The difficulty in getting there is making sure VMware's leading product — the virtualisation management tool vSphere — can scale without breaking.

Herrod sat down with ZDNet UK recently to talk about VMware's work on these efforts — and to explain why it tells its partners that virtual machines are like shipping containers.

Q: What is the ultimate goal of virtualisation?
A: Complete mobility and efficient use of resources. Virtualisation happens to be the best way we know to provide that. You should be able to utilise all the resources at your disposal, and you should be able to do so safely and with minimal management headaches along the way.

Ultimately, we're trying to run an application and make sure it's as close to the user as possible — for latency — and that it has the right price profile and the right availability.

What do you need once everything that can be virtualised, has been virtualised?
I like the concept of the switchboard operator — their job is to connect the user to the thing they're after. It's really important that you have a brokering agent in place. In a world where everything is virtualised and running from different places, something has to be the gateway that gives access and security towards that.

I think it's clear we're heading that way with Project Horizon [VMware's cloud identity broker]. It's the only way IT has a chance of keeping control.

Which technologies threaten VMware?
The biggest focus has to be security and quality. That will be the first thing that really hurts us if it doesn't stay at the level of where it is today. People are literally running their entire business now on this software, so [we spend a lot of] time looking at different hardware configurations and testing edge cases.

Almost everything is how we make sure that [security and quality] stays in place even as we aggressively move people forward on it.

Virtualisation puts all your eggs in one basket, because you've consolidated, so you'd better have a really good basket.

How disruptive is Project AppBlast, which renders any application into HTML 5?
It's disruptive for two big reasons. One — it will take any type of application, whether it's on your Mac, PC, or a Linux box. The other key part is there is no special client on the other side. Anything in the world that speaks HTML 5 can receive this application.

There's no installation process. No hardware acceleration is needed. I could have my phone, my laptop, my iPad, all my applications delivered straight to the browser.

What stands in the way of companies doing the majority of their work on mobile devices?
I think networking. The reason we use devices like those is user experience, and we're a pretty long way from having dependable bandwidth and latencies, especially over a wide-area network or in spotty coverage. That has to come and continue to grow quite a bit.

Google's Urs Hölzle told me "at scale, everything breaks". What are some of the technical challenges VMware faces?
Scale is what the cloud is all about. It's definitely the case that each magnitude of scale you go into tends to take several years of engineering time and experience. Google are the masters of this; they run scale like no one else.

One thing I like about our strategy is we do a hybrid cloud strategy where we sell to enterprises and have big partnerships. The partnerships on public clouds push us on scale more than private ones. So our enterprise product gets even better ahead of the need on that side of things.

I think of [VMware's public cloud partners] as the tip of the spear in many ways. They definitely push you into types of errors and problems that you won't hit in a normal sort of activity.

It strikes me that the rise of connectivity and virtualisation is almost like the expansion of the railways: technology begets growth, which begets technology. What do you think?
The shipping industry to me is very analogous to what's going on with computing. If you squint your eyes and replace standardised cargo containers with virtual machines, then what you have is an ecosystem, building up ports and ships that are allowing you to efficiently move these applications or containers around the world.

You can take the analogy further and say that these connections of public-cloud partners we're building — from Colt to SingTel to Verizon — they are the shipping ports, and they're actually allowing you to buy one ticket and move anywhere in that system. It has the same type of impact.

Containers made the shipping of consumer goods that much more portable, and you could move them between places. We tell a story to our cloud partners, which is that the ports that modernised the quickest to support the standard containers were the ones that led to thriving cities.

The reason I bring that up is when we talk to these telecommunication companies and service providers, we say: 'If you get on top of a standardised container [such as a VMware-virtualised system], it will help your port.'

There's a standardised UPC code on every container out there. We have an engineer who's basically been creating that same UPC code on virtual machines, so you can monitor and track it in the same way you can with containers.

Do you feel there is scope for hypervisor consolidation in the cloud?
Competition is always good. It keeps prices in good shape. We're definitely a better company by having competition.

That said, [as technology advances] the hypervisor becomes hidden and cloaked. No one who uses Amazon [Web Services] even knows what is beneath it, and that's the right way it should look. The hypervisor itself is not that interesting. It's how you provide guarantees on top of it and manage it to scale that really sets things up.

There's a lot of interoperability work. [In August] the Open Virtualization Format became an ISO standard, and that means a workload could be stored a certain way and could be run on KVM, or VMware, or Hyper-V. That to me is another example that [the hypervisor is] not the real hard part, it's what you do with your application once it's in there.

VMware has introduced more and more services. What are its plans for consolidation?
Both vSphere and multi-device virtualisation efforts are moving much more to a consolidated suite. Horizon... should become the central broker for administering users and merging them with applications and giving them access to their data. It definitely needs to be a tighter funnel to get them there.

But that's also where — in the even more mainstream area of managing the datacentre — we have a number of products in place today. We're really aspiring to bring that together into a single suite, so we can think of all the things we need to do to run our cloud and make it look like one thing.

You can expect our number of products to shrink and be a much more integrated offering.
