VMware and Citrix XenServer cordially traded shots at the annual N-Square dinner hosted by the Internet Research Group on March 11 at Ming's Restaurant in Palo Alto. (The "Happy Family" was delicious, and it was a nice place for a group meeting.) IRG (Internet Research Group) principal Peter Christy started off the main event of the evening by forbidding marketing-speak and introducing Nand Mulchandani, a senior director at VMware and Simon Crosby the CTO of XenSource at Citrix.
Both Mulchandani and Crosby agreed that customers who were facing security problems most often did so because they incorrectly implemented virtualization, or improperly configured the virtual infrastructure once it was in place.
Crosby made the case that open was better than proprietary because the code base is open to examination by the most paranoid minds including the National Security Agency. Further that the NSA contributes innovative advances in virtualization security along with IBM, Intel, AMD along with storage vendors and many others.
Mulchandani put forward VMware's VMsafe security technology that is designed to protect applications running in virtual machines.
Both thought their way was by far the best.
Interesting questions called attention to creating IT insecurity when virtual machines appeared, disappeared and then reappeared over time. Ensuring that the virtual infrastructure can be audited for regulatory compliance was raised but not resolved.
One thing was clear from the evening: VMware and Citrix XenServer want companies to continue to adopt virtualization even as security concerns start to come to the fore, as departments aside from data center operations (like, security, for example) become involved in the implementation process.
As for Blue Pill, the proof-of-concept hypervisor root kit, Crosby, Mulchandani and Christy responded that the concern should be of no concern at all for any organization considering virtualization. Crosby characterized Joanna Rutkowska as a security consultant using a publicity stunt to get attention and that in practice and in theory she should be ignored. Mulchandani said that Blue Pill was only a PR headache for VMware and had nothing to do with them.
As we get ready for the RSA Conference in San Francisco, virtualization and security will continue to be a hot topic as orchestrating and constructing a secure virtual infrastructure continues to move forward in 2008.