(or: “Open” – according to Goofus and Gallant)

When I was a kid – and, please, no comments about riding to school on my pet dinosaur, it’s difficult enough to deal with another birthday today – there was a magazine that appeared in every dentist’s office, called Highlights for Children. In every issue, there was a cartoon featuring two boys, Goofus and Gallant. Where Gallant was that perfect child who was constantly courteous, caring, and intelligent – enough so that, I think, every real boy wanted to beat him up for setting such a hard-to-match example – Goofus was the one who would do things that were so odd, so contrary to the needs of the people around him, that one would have to wonder into what sort of sociopath he was going to grow up.

When I think of what “open” should mean in cloud computing, I wonder how Goofus and Gallant would look at it.

Goofus says “open” means that enterprises can choose between lots of service providers – every one alike. Gallant says “open” means service providers can pair best-in-class technology with their own best practices and expertise and offer customers real choice. The heart of the vCloud proliferation strategy seems to be assuring enterprises that they can count on service providers not to bring their best game, but the same game, that they can get raw no-frills infrastructure. And when service providers sell identical “vClone” offerings that make it difficult for them to differentiate themselves based on their expertise in areas such as compliance and disaster recovery and application support, what remains is price. Price competition is good for the customer; competition solely on price benefits no one, not the enterprise customer who reaps the “benefits” of slimmed-down support staff and bare-bones infrastructure to save a penny per hour per VM, and not the service provider who finds that anyone with deeper pockets can starve him out of the running, no matter how much he’d be able to offer differentiated services based on his specializations.

Goofus says “open” means that as long as everyone in the world – enterprises and service providers alike – are running exactly the same software, there’s “freedom” of choice. Gallant says “open” means enterprises can extend their datacenters into the cloud no matter what virtualization and networking technologies they use. When you look at the infrastructure tech in place at leading service providers, you find a lot of Citrix and Citrix-sponsored gear: a Xen-based platform (either open-source Xen or Citrix XenServer) powers something like 80-90% of virtual machines in the cloud, while providers large and small rely on NetScaler to optimize, secure and manage 75% of the traffic on the Internet. But of course we recognize that lots of enterprises have built their infrastructure on other products. The Citrix OpenCloud approach is not to say “OK, everyone, just disrupt your business by replacing your carefully-selected, deployed infrastructure, and the world will be perfect” – instead, we say that you should be able to take advantage of your existing tech and plug it into an OpenCloud solution so you can extend your datacenter into the cloud with any provider, no matter what products you (or they) have chosen as a foundation. Of course, we’d love for you to experience the power and cost-effectiveness of XenServer and NetScaler – but we don’t banish you from the playground if you’re not wearing the right uniform.

(We’ve often used the analogy that the Xen hypervisor is an engine for virtualization, and that XenServer is a car that is built around it to put its power to work for users – and that other companies and organizations can take the same engine and add value by building a different type of vehicle. We’ve depicted everything from a popular Toyota to a Ferrari. But it looks like the vehicle analogy for vCloud is the Ford Model T – most popular in its time, but, well, VMware says your hypervisor can come in any color as long as it’s black!)

Today we are announcing two new Citrix products (one available this month, the other in early 2011) and the fruits of our recent VMLogix acquisition that together help achieve the goal of making the cloud open and transparently accessible for users. These new products, OpenCloud Bridge and OpenCloud Access, integrate and federate the networks and identity spheres of the enterprise and the cloud providers whose services they use to provide secure, easy-to-manage experiences for IT and their users alike. You can find out much more about these elsewhere – including in Mark T’s keynote today, which you can watch at Citrix Synergy Online if you’re not here with us in Berlin – but I want to call attention to one aspect of these and look at how Goofus and Gallant would see it.

Goofus looks out to the Horizon and says that, some day in the future, you’ll be able to sign on to Software-as-a-Service (SaaS) apps just by signing on to your enterprise network – as long as the SaaS apps have been reimplemented to support identity standards. Gallant says that’s all well and good in the future, but he thinks you should be able to do it today, even with the thousands of SaaS sites that use non-standard web forms. Please – not another example of “reinvent the world, and everything will work great.” Security remains one aspect of the cloud – perhaps the most significant one – that frightens many CIOs and slows cloud adoption. And while there are lots of facets to it, including data access protection and intrusion prevention, one of them is the proliferation of login/password information that the typical user of SaaS on behalf of the company has to maintain. It’s a hassle and a vulnerability for the users – the dreaded “25 yellow stickies with passwords stuck to the monitor” scenario – as well as for IT, who need to individually provision each app when employees need access, and (most irritatingly) manually de-provision them when employees are terminated or no longer need access to apps and data based on changes of responsibility.

At VMworld last month, VMware showed their future vision of addressing this, and personalized application access, with a look at an approach they call “Project Horizon.” We sat there and smiled – knowing that the thing about the horizon is that it’s far away and out of reach, and that the combination of OpenCloud Access and Citrix Receiver would make this real in just a few short weeks. (Unfortunately for VMware, the fabled ultimate product management tool, the PowerPoint-to-code compiler, doesn’t really exist…)

OpenCloud Access will not only allow users to sign into their enterprise domains and access their SaaS applications without needing to sign in individually to them if they’ve been engineered to rely on the SAML and OpenID authentication standards. It offers AppAdapters for lots of legacy SaaS apps – and will grow constantly to offer more – that let users log into those apps even if they depend on web forms for authentication. (And the same experience holds for enterprise and Windows and internal Web apps, of course, as well as cloud Infrastructure-as-a-Service.)

For IT management, revoking access to SaaS apps is simple too, with simple updates to the corporate directory directing OpenCloud Access to disable app access. And there’s no danger of side-door access, since users don’t even need to know their credentials for the SaaS providers! So the crisis mode operation of “everyone at the Help Desk log into ten apps and disable this account as security walks the former employee from the building” can be reduced to a single directory update.

The important things to know about this new capability that links the enterprise to the resources it uses in the cloud are that it’s here now, it’s integrated with the user experience, it’s extensible, and most important, it works with real-world services today (for example, SalesForce.COM, which is one of the integrations we demonstrate) instead of relying on the “step one, disrupt the business; step two, re-engineer the universe” paradigm.

So what’s the Highlights for IT Professionals bottom line? Simple. Don’t make Goofus your IT consultant. Gallant-ly go forth into the OpenCloud.