Forget about server consolidation, increased utilization, lower hardware costs and all those other benefits of server virtualization regularly trotted out by vendors. The real benefit of sticking your workloads on top of a hypervisor is ... security.
That will come as news to anyone struggling to get his or her head around virtual firewalls and the like, but it's the uncompromising line being taken by Simon Crosby, who until a few weeks ago was CTO of the data center and cloud division of Citrix. He and Ian Pratt, another hypervisor guru who was previously chairman of Xen.org and co-founder of XenSource, have just started a company called Bromium, whose stated aim is to build a second-generation virtualization product with the goal of making computing more trustworthy.
"If we can manage to pull this stunt off, it's going to be big in the sense that virtualization's primary benefit will turn out to be security," Crosby said recently. "It will be bigger than all the other benefits."
Bromium is still in stealth mode, and for the moment it's not revealing how exactly it plans to use virtualization for security. But Crosby has said Bromium's technology will be aimed at service providers rather than consumers, and it will apply to systems from mobile devices to Windows or Mac desktops and cloud services.
Another clue is that Crosby is deeply interested in protecting public cloud environments, so it's a good bet Bromium will be involved in this. Talking at the Citrix Synergy 2011 conference in San Francisco earlier this summer, Crosby asked where threats to cloud environments are likely to come from. "How many attacks can you think of in recent times where the attacker went into the data center and took the data? Very few," he said. "The attack happens through the client. RSA got attacked through a Flash vulnerability on the client. Unless you protect the client, you can do nothing for your cloud. I can walk in the front door courtesy of your clients."
So maybe something that protects clients then? Intriguing. Hypervisor-based security enforcement and encryption? A hypervisor that can prove mathematically that it has not been compromised? ... We'll have to wait and see.
Talking of public clouds, Crosby reckons they are much like airplanes. Why? Because intuitively they sound like far riskier propositions than they really are. Let's face it, the idea of getting into an aluminum tube with wings and flying across the Atlantic at 32,000 feet doesn't sound smart. Similarly, there is no shortage of people who have the gut feeling that putting their applications and data in a public cloud is not a prudent thing to do.
So how come air travel is so popular? One reason is that most people have overcome their intuitive distrust of a flying aluminum tube. That may be partly thanks to the reassuring presence of the Federal Aviation Administration, whose mission is to provide the safest, most efficient aerospace system in the world. "Safety is our passion. We work so all air (and space) travelers arrive safely at their destinations," is one of the FAA's stated values.
To get people to trust public clouds, we must take a leaf out of the airline industry's book, Crosby believes. "By the time a big chunk of the economy runs on these big (public) clouds, there will have to be an equivalent of the FAA because if they go down, a big chunk of the economy will go down," he said at Synergy. "And if you look at how the FAA came into existence, it came into existence because the airline industry created it to get over people's fear of flying. And what I see in enterprise customers is a fear of public cloud."
Right now, cloud providers can get certified to various standards. Wouldn't it be reassuring to know that some equivalent of the FAA is always around to monitor and regulate cloud-space, investigating any failures and ensuring every bit of data arrives safely at its destination? It's not a bad idea.
Paul Rubens is a journalist based in Marlow on Thames, England. He has been programming, tinkering and generally sitting in front of computer screens since his first encounter with a DEC PDP-11 in 1979.