A few days ago, Microsoft announced that they were buying an SSL-VPN vendor called Whale Communications. (Of course you probably already know this because the other industry websites were full of corny headlines like “Microsoft swallows the Whale.”) Having spent a few days thinking about this deal, I’d like to share some thoughts about what this deal means to Citrix and the server-based computing industry.
The short answer? Not much.
Of course the SSL-VPN industry is not “technically” part of the server-based computing industry. However, since the best-known SBC company (Citrix) has entered the SSL-VPN space (with the Citrix Access Gateway), a lot of people have been talking about how (1) this deal is important to us in the SBC space, and (2) this is yet another example of how Microsoft wants to put Citrix out of business.
I don’t think either case is true. Before we dive into the analysis, let’s look at background of the deal.
Whale Communications is (was?) a software company. They have a software SSL-VPN appliance product that runs on Windows. It comes in various flavors, but basically it’s a plug-in for Microsoft ISA Server (Microsoft’s firewall server) that gives it SSL-VPN capabilities, endpoint security, and an application firewall.
This product will fall into the newly-created group at Microsoft called the “Security, Access, and Solutions Division’ (whatever that means). This is the group that owns all of the new security-type products that Microsoft has bought in the SSL-VPN, spyware, and antivirus spaces.
The question that everyone is asking from the SBC perspective is, “How will this affect Citrix?” My thoughts, as I mentioned previously, are that this won’t really affect them. Here’s why:
- There are probably a hundred SSL-VPN vendors out there in the market today, and Citrix is successfully competing against all of them today. So what if Microsoft buys one of them? Is Microsoft ISA Server negatively affecting Cisco’s firewall sales? I doubt it. The same goes for a Microsoft SSL-VPN offering.
- Much like Terminal Server, ISA Server is not a core product for Microsoft. If you talk to Microsoft sales reps out in the field, they’re pushing stuff like Windows, Office, Exchange, and SMS. They’re not really pushing ISA Server. Instead, ISA Server is (1) being built into a lot of appliances and sold by hardware vendors, or (2) used in specialized ways. One of the biggest reasons for this is that organizations simply do not need a lot of ISA Servers. A single company with thousands of Office, Windows, and Exchange users might only have two or three production ISA Servers. What’s a bigger target for Microsoft sales reps?
- As I’ve written again and again, what makes the Citrix SSL-VPN special is the way that it very tightly and intelligently integrates with Citrix Presentation Server and their Smart Access capabilities.
- ISA Server costs money. When Microsoft was talking about Bear Paw several years ago, that had the potential to hurt Citrix because it would have added Citrix capabilities into the baseline Windows operating system. But ISA Server costs either $1500 or $6000 per processor, depending on the version you buy. (Not to mention you need another $1000 for your base Windows Server license.)
Of course Windows 2003 has some basic SSL-VPN capabilities built into it for support Outlook to Exchange Server RPCs over HTTPS. Longhorn Server will extend that by adding RDP and SMB support. Even if Microsoft chooses to enhance the free SSL-VPN with some Whale Technology, I just don't see this affecting the core SSL-VPN vendors too much because Microsoft will have to be careful not to cannibalize their own ISA Server sales.