XenClient  (or XC for short) is Citrix’s offering for local desktop virtualization, providing increased security and simplified management for corporate laptops. XenClient was designed from the ground-up to be open and extensible. This starts by using open source technologies such as Xen, the Linux kernel and many more technologies. Next XC employs a unique Service VM architecture allowing the system to be extended via functional disaggregation. These Service VMs are generally small purpose built VMs that provide new services to the platform or to the local virtual desktops running on them.

Thus far the Service VM architecture has been used by Citrix to allow XenClient to have:

  • A dedicated user interface virtual machine encompassing Citrix Receiver for XenClient UI
  • A Network isolation VM for the XenClient XT Edition yielding network-level security
  • A VPN Service VM for the XenClient  XT Edition allowing per VM out-of-band secure network tunnels

The XenClient team’s intent from the start was to open up the Service VM architecture to 3rd parties, enabling them to extend the XenClient platform in new and interesting ways. One of the companies we are working with is Virtuata.

Virtuata uses the XenClient extensible virtualization Service VM architecture to establish a dynamic root of trust.  By design, the XenClient hypervisor acts as the Trusted Computing Base (TCB). It then enables Virtuata to extend the trust dynamically to loadable legitimate executable programs forming a dynamic root of trust. Once running, only the code belonging to those good programs can run.  By preventing good apps from getting infected, they lock out the sorts of advanced threats (like code exploitations and injection and return-oriented attacks) that have been leading headlines for the last couple of years. Thus, rather than waiting for the attack to happen and then reactively publishing signatures to detect that particular attack, they proactively protect known good and legitimate programs directly in memory.

The combination of XenClient and Virtuata leads to the establishment of a Safer and Assured Computing Environment. I will be talking more about our vision for Safer Assured Computing in the next coming “XenClient CTO Blog Series” so stay tuned.

The integration of Virtuata software with XenClient will be demoed at the Synergy conference in San Francisco this week. It is being shown in the Citrix booth in the XenClient demo area starting Tuesday night.

Stop by and check it out. I’ll be there along with other key XenClient team members meeting with partners who are interested in discussing this technology and other further potential integrations with XenClient.

Connect with the XenClient team online!

About the Author:

Ahmed Sallam drives technology and product strategy working with ecosystem partners for Citrix XenClient and the emerging client devices virtualization market. Prior to Citrix, he was CTO and chief architect of advanced technology at McAfee, now part of Intel Corp. He was co-inventor and architect of DeepSAFE, co-developed with Intel Labs, and co-designer of VMware’s VMM CPU security technology known as VMsafe. Prior to McAfee, Ahmed was a senior architect with Nokia’s security division and a principal engineer at Symantec. He holds 18 issued patents and has more than 40 pending patent applications. He earned a bachelor’s degree in computer science and automatic control from the University of Alexandria.

Follow Ahmed on Twitter: https://twitter.com/ahmedsallam

Check out Ahmed’s LinkedIn profile: www.linkedin.com/in/ahmedsallam