Pushing Virtual Buttons…
My last couple of VirtSec posts have caused quite a stir in certain circles.
The “debate” over who “owns” VirtSec, which originated as part of my response to Simon Crosby of Citrix on that very question, has been picked up and amplified on multiple fronts.
Greg Ness from BlueLane wrote a piece referencing it that was cross-posted on virtualization.com and that even made its way up to VC/investment blogs such as seekingalpha.com (Citrix vs. Chris Hoff) and has had my mobile ringing/vibrating itself off my desk over the last week or so.
It’s hard to believe sometimes just how many people — and who — read my steaming pile of blogginess.
The second post of interest was in regard to the provenance of VMware’s VMsafe and my reflection on prior art (Livewire) by VMware’s Rosenblum & Garfinkel which seems as though it could be the progenitor of the upcoming technology.
The very tail-end update of that post referenced another piece of research produced by Komoku based upon similar work focused on rootkit defense. As I pointed out, Komoku was recently acquired by Microsoft.
I added those comments deliberately as a parenthetical — almost like a bookmark — because what I intended to do next was directly compare and contrast the technology architectures and approaches of VMware, Citrix and Microsoft as they relate to security integration.
It seems a bunch of really bright folks caught onto that because a slew of links (such as this one) followed — driven mostly by Alessandro’s (virtualization.info) post titled “Is Microsoft Working On VMsafe-like Framework”.
I think that’s an excellent question.
It’s pretty clear where Citrix’s CTO stands on the matter — as flawed as I see his shortsighted market approach (note I didn’t say *technical approach*) — but Microsoft stands to gain an interesting foothold in regard to security should they play this game correctly.
I found it interesting that others are starting to recognize that the virtualization battle isn’t going to be won by a shoot-out and the hypervisor-version of the OK corral. It’s the effectiveness of the ecosystem and the ability for the channel to serve it up and the customers to implement it.
People are sick of sweeping up the decaying corpses of good technical solutions that suck in terms of integration, implementation, operationalization and accountable support — especially when they have to keep paying for it. Ah the “best-in-breed” versus “good-enough” debate again?
Not to further pick on Citrix (or Xen specifically) but here’s a great post from Schley Andrew Kutz from the searchservervirtualization.com blog titled “Xen: An endangered species in the virtualization ecosystem?”:
While Citrix Systems’ Xen’s ubiquity may help the technology earn a legacy as the invisible hypervisor, it may also prove the most challenging next step for IT administrators and developers who want to find or develop software that leverages, supports or extends the Xen hypervisor.
While ultimately it may not prove difficult to develop cutting-edge technology compatible with the Xen hypervisor, it may prove so to market it. If you are in the business of selling virtualization add-on products, you want to ensure that your product is compatible with VMware Infrastructure, because that is where the sales are.
As Xen’s legacy may be to become the ubiquitous, embedded hypervisor for all to use, its strength may also be its greatest detriment to Xen-based virtualization platforms. Xen’s strength is its practical application as the invisible, reused, resold, embedded hypervisor, but invisibility just hasn’t worked in Citrix’s favor. Instead, it shields partners from building ecosystems around Xen and has marginalized the brand name.
Amen to that.
Take heed, Citrix. I maintain your CTO is blinded by what can only be described as a denial of market realities and an undying (arrogant) allegiance to what some might consider to be an architecturally superior product on some fronts, but a lacking solution on many others.
Securing the hypervisor is definitely important. However, securing both the hypervisor and the assets that sit on top of it by providing the most extensible, effective and manageable means of doing so is really what’s important to customers. Sometimes, it has to be about more than where you came from. Sometimes it’s about where you’re going.
I’ll be finishing up my post on where I think Microsoft ought to go shortly.