News Stay informed about the latest enterprise technology news and product updates.

Q&A: Citrix's Crosby on XenServer and the cloudy future

XenServer is for more than XenDesktop, cloud computing is more than glorified server virtualization and security concerns about the cloud are overstated, according to Citrix CTO Simon Crosby.

In this interview, Citrix Systems Inc. CTO Simon Crosby holds forth on increasingly commoditized server virtualization and his predictions for the evolution of virtualization and cloud computing in 2011.

Crosby highlights several trends that have circulated among the cognoscenti of late, from a likely future of hypervisor independence to the need for diverse cloud computing providers to possibly overblown concerns about data security in the cloud.

Why should anyone adopt XenServer if they don't already do client virtualization? How does XenServer break out of that XenApp/XenDesktop "box"?
Simon Crosby: It's actually the other way around for us. We'll probably do about 250,000 servers this year, for XenServer, and the vast majority of that is server [virtualization]. The challenge coming into the year was getting more XenServer under XenDesktop. XenDesktop, when it went to market, it went to market on top of VMware. … I'd say that now, 70% to 75% of all XenDesktop sales are going on XenServer. So it's actually not that we have to escape it, we have to win the other 20% to 25%.

Beyond XenServer, what's the larger roadmap strategy for Citrix?
S.C: Citrix … will be hypervisor independent. We are the guys who add support to Open Stack for Hyper-V and for ESX. We're going to mandate it. And then all our solutions can be hypervisor-independent too. Once you step over this line of [the hypervisor being free], the value proposition moves up the stack. And that's where we have a strong interest [from our customers].

So our forward-looking direction is that all of the feature sets that today would be XenServer-specific will be cloud independent. We will implement on top of OpenStack, we will deliver OpenStack to the enterprise and we will support it, but we will also deliver solutions on top of multiple clouds. … We are not going to tie our higher-end value props to just XenServer. … Our strategy is to commoditize the stack and deliver it at scale, and then to "enterprise it up."

Does Citrix have any plans to offer something like the Vblock or FlexPod: a prepackaged infrastructure stack?
S.C: Citrix is never going to ship hardware. We don't do that, [and] we have a range of really powerful partnerships that will always deliver the best price-to-performance for our customers. I think what you'll see from us in the coming year is much more close guidance about how to get the best performance out of certain systems … and known stacks that work well. It reduces complexity for the customer. But we're not going to go and do our own version of the VCE coalition.

How do you see the virtualization and cloud markets evolving in 2011?
S.C: Everybody thinks they're building a cloud, even if they're really doing more server virtualization -- and by the way, I'm totally cool with that. But server virtualization… is not necessarily cloud in that the ultimate value prop of cloud is that I pay for stuff when I use it. But in terms of evolving that IT skill set, it's absolutely mandatory.

My personal view on cloud is that there is a substantial risk in going down a single-vendor path. You'd expect me to say that … since XenServer [has less market share than] VMware. But there are also very rational reasons: service providers need to be able to innovate and deliver truly differentiated services -- they don't need to just deliver a vCloud.

And enterprises need to use the services of multiple clouds. If the enterprise has to say, "Every one of my cloud service providers is going to have to use the exact same version of VMware," that kind of doesn't start to work after a while. … Openness is absolutely fundamental. Every enterprise ought to look at different kinds of infrastructure that can meet their needs…it's going to be a multi-vendor world with powerful options from a number of vendors … that can operate at different price points.

What is the biggest misconception about virtualization and cloud computing that you see today?
S.C.: The No. 1 issue in cloud is security. Time and time again, when you look at research, the big thing that comes out, the biggest doubt that anybody has about adopting cloud is security. But I'm going to be bold and say that in general … cloud computing, through greater automation, [and] fewer humans, is more secure than anything you could ever do yourself.

I don't want to be the enemy of the IT guy, but it is very clear to me that the adoption of cloud is an IT skill set issue. We get old with our music, and our GUIs [graphical user interfaces], and our skill sets. Cloud is a fundamental paradigm shift that threatens existing IT practice. And so it's going to be the case that the IT guys will always say the cloud is insecure, because they don't want it to change. Whether or not my cloud is super-duper secure and has top-secret clearance, someone will always FUD it. They will always do that.

Now, I'm not saying there aren't reasonable concerns and real needs to secure the cloud, and people have regulatory needs to certify that workloads and data are secure. However, WikiLeaks is nothing more than a great example of how the most secure human-driven stuff is insecure. So it's time to actually do the opposite of saying that all of these attacks make me scared that stuff in the cloud is going to be attacked. It's time to think that automation is how to get out of that human-based problem. While there are humans running around your infrastructure, with USB sticks in their pocket, you are vulnerable... Everybody probably trusted the guy who stole all the stuff that was given to WikiLeaks. Just as you probably trust your IT guys, tell me how you are any less vulnerable?

What's still needed to make the cloud more secure?
S.C.: All data needs to be encrypted at all times. That means all data needs to be encrypted in the cloud. And so my message to Intel is, "Hurry up, and get us more crypto engines on the server so we can make sure that that's the case." When I boot a VM [virtual machine] or run an app, I want it to come off the hard disk encrypted and I want to decrypt it in the context of the running app, and re-encrypt stuff that's written to storage, using keys that I provide, not keys that the cloud provider provides. … That's going to take more horsepower rather than less in the cloud.

Beth Pariseau is a senior news writer for Write to her at

Dig Deeper on Virtualization security and patch management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.