I couldn’t help but notice Eric Lundquist’s recent interview with VMware CEO Diane Green in eWeek: VMware Faces Virtual Reality. Besides the usual discussion about how VMware manages growth and increasing competition Diane interjects security into the interview:
Then there is a whole other area that starts getting into application infrastructure. One proof point of that would be in security. We recently launched VMsafe with the ISVs, and this is a proof point of how this is transforming the software industry. This is changing how you build apps. We now have about 30 software companies that have joined our VMsafe initiative, which is essentially creating APIs that let you secure what’s in a virtual machine because you know everything that is going in and out of it. So you can catch a virus before it gets in, and maybe prevent having to patch; you can say what’s allowed going in and out of a virtual machine.
Diane Green – eWeek June 2008
Later in the interview Diane is asked about virtualization security as a challenge and she talks again about how VMware views virtsec as an opportunity:
eWeek: Are these the issues you hear about from customers—concerns in the areas of security and sprawl?
Green: We haven’t heard that from our customers. It’s more been from other vendors that have an interest in talking about it that way. But we have always seen it as a huge opportunity.
In fact, Mendel [Rosenblum, chief scientist at VMware,] does a lot of research into security and virtualization at Stanford, and we have always seen the opportunity that virtualization offers in a more secure, new and powerful way. We are now finally realizing that in ways that customers can take advantage of.
– Lundquist/Green interview, eWeek June 2008
Compare this to Microsoft’s delays and the recent Citrix coverage and blog debate about who is responsible for virtsec. While VMware tightens its security message, Microsoft stumbles and Citrix washes its hands on the issue. These are three well-heeled competitors with admirable track records, established customer bases and excellent products; and yet three very different visions of the value of virtualization security to the proliferation of virtualization in the data center. Sometimes I get the impression that Microsoft is merely waiting for VMware to stumble on virtsec and then pounce. But will that happen?
In all fairness to Citrix they’re still absorbing Xen and may be focused on other issues. Their CTO is a brilliant guy who is one of the world’s leading experts on virtualization, but as Unisys Chief Security Architect and leading security blogger Chris Hoff points out he may need a quick primer on data center security or at least the mindsets of those whom Citrix will ultimately be selling through as they make a case for production deployments.
Earlier this month I talked about 2008s virtsec highlights. I think this recent VMware CEO interview needs to be added to the mix. VMware continues to impress me with their grasp and execution when it comes to articulating the impact of security on the virtualization of the enormous production data center market. VMsafe was perhaps a defining moment in production virtualization.
At some point I expect Citrix and Microsoft and others to wake up and smell the opportunity. Their products may be behind or in the process of integration, but I think their visions and messages are even further behind. Thus far VMware’s lead in adoption is mirrored by their lead in message and vision. And both leads might be destined to increase if they continue their focus on the Keys to the Kingdom.
Disclosure: I’m the VP Marketing for Blue Lane Technologies, a winner of the 2007 InfoWorld Technology of the Year for security, Best of Interop 2007 in security and the AO 100 Top Private Company award for 2006 and 2007. Blue Lane is also a 2007 Best of VMworld Finalist in data protection. I’ve been a marketing executive at Juniper Networks, Redline Networks, IntruVert Networks and ShoreTel. I’ve been an Always On blogger/columnist since 2004. My recently launched personal blog is: www.archimedius.net . These are all my opinions, and do not represent the opinions of employers, spouses, kids, etc.