Citrix Systems Inc.'s announcements of a virtual appliance version of its application delivery controller and on-demand delivery of virtual desktops bring some important security benefits behind their business-enablement messages.
To get security news and tips delivered to your inbox,
NetScaler VPX, a virtual version of the MPX hardware appliance, and Citrix Receiver, announced at Citrix Synergy 2009 in Las Vegas today, bridges virtualization and application delivery. Citrix, once known primarily for early incarnations of thin client technology, has been building towards transforming the corporate data center into what it calls the corporate "delivery center" since its acquisitions of NetScaler (SSL VPN-application acceleration), Teros (Web application firewall) and XenSource (virtualization).
Citrix Receiver facilitates virtual desktop infrastructure (VDI) deployment, with its inherent security advantages. First, user data doesn't actually reside on the user device, so there's no exposure if a laptop or handheld device is lost or stolen. Second, since the applications are actually running on a central server, they cannot be attacked on the endpoint, even if there are unpatched vulnerabilities or zero-day exploits.
Virtualization security moves to the fore in 2009: Virtualization platform vendors such as VMware and Citrix gear up to enhance security, as mainstream security companies slowly adapt.
Virtualization vendors not in the security business, says Citrix CTO: Simon Crosby, chief technology officer of Citrix Systems explains why virtualization security should be the job of security vendors.
"Since the applications are not actually on [the] desktop, it allows the worker to create a truly sandboxed environment," said Yankee Group analyst Zeus Karravala. "You can run anything you want and get both a performance benefit and security benefit."
Receiver is a lightweight client that "listens" for signals from the corporate to provision any application or desktop from the "delivery center" on demand. The endpoint device can be a Windows or Mac laptop or desktop, or an iPhone. Citrix will extend Receiver to other smartphones, starting with Google Android devices.
NetScaler VPX allows enterprises to inexpensively and dynamically deploy applications in a virtualized environment. From a security perspective, this allows the embedded Web application firewall to be deployed with -- and move with -- the application, instead of having to deploy a hardware appliance in front of the applications. Application delivery controllers (ADCs), such as VPX and MPX, combine WAFs with application acceleration and network capabilities such as load balancing and high availability.
Citrix competes with market leader F5 Networks Inc., among other ADC vendors.
"It's more of a performance benefit than a security benefit," said Karravala. "But there are security benefits, and, with a virtual appliance, you don't need to load the whole ADC -- you can pick and choose features; you can build the ADC directly into the application."
Since VPX runs only Citrix XenServer, however, its penetration may be limited, since VMware owns the lion's share of the server virtualization market.
Citrix also announced Dazzle, a self-service "storefront" portal for Receiver end users and version 5.5 of Citrix Essentials for XenServer, with enhanced storage integration.