Simon Crosby and Ian Pratt move on from Citrix, create Bromium, Inc.

Yesterday we learned that Simon Crosby and Ian Pratt are leaving Citrix to start a new company called Bromium. I've only met them in passing, and even though Simon and Brian have some sort of thing going on, I have a ton of respect for both Simon and Ian.

Yesterday we learned that Simon Crosby and Ian Pratt are leaving Citrix to start a new company called Bromium. I've only met them in passing, and even though Simon and Brian have some sort of thing going on, I have a ton of respect for both Simon and Ian. I was particularly appreciative of the sharp edge that they brought to Citrix even when Citrix seemed more or less dull. If one or both of them were speaking, I was listening.

Citrix released a statement, and in it they mention plans to fill the voids left in their CTO team by Simon, Ian, and Harry Labana in the future, and also hinted that the CTO team could be jostled around a bit to take advantage of the strengths of new hires. All three CTOs have powerful and unique personalities, skillsets, and approaches, so filling the voids is not an enviable task. Citrix has said they will maintain a relationship with Bromium as partners, and that Simon & Ian will remain involved with, the open source arm of the Xen hypervisor. Still, that's pretty far from having them just down the hall.

Anyway, on to Bromium. It's currently operating in stealth mode, and it appears that it will remain that way for a while. What we do know is the press release lingo that says Bromium will "target the intersection of virtualization and security," which isn't all that helpful. What may be helpful, though, is a look at people involved with the new company.

From the press release:

  • Gaurav Banga (co-founder, president and CEO) - Prior to founding Bromium, Banga was CTO and SVP, Engineering at Phoenix Technologies Ltd., where he drove the company’s transition from the classic BIOS product to the modern UEFI standard, fostering quicker innovation in the PC’s firmware layer. He also led the creation of two new product lines: HyperSpace – a new platform for instant-on and power efficient computing, and FailSafe – a cloud-based anti-theft and device management system for the PC. 
  • Simon Crosby (co-founder and CTO) - Crosby joins Bromium from Citrix, where he was CTO of the Data Center & Cloud Division. He joined Citrix through the acquisition of XenSource in 2007, which he also co-founded and led as CTO. Previously, Crosby was a principal engineer at Intel, where he led strategic research in distributed autonomic computing, platform security and trust. He was a member of faculty at the University of Cambridge Computer Laboratory and Fellow of Fitzwilliam College.
  • Ian Pratt (co-founder and SVP Products) - Pratt is the chairman of and was co-founder of XenSource. Prior to Bromium, he served as vice president of advanced products in the Virtualization and Management Division at Citrix. Pratt also was a member of the senior faculty at the University of Cambridge Computer Laboratory and Fellow at Kings College, and a founder of Nemesys Research, acquired by FORE Systems in 1996.

Also noted in the press release are board members Frank Artale, who previously held positions at both XenSource and Citrix, Peter Levine, who was the CEO of XenSource before they were acquired by Citrix, and George Kurtz, who is the Worldwide CTO at McAfee. Artale and Levine are no-brainer additions. They both work for the investment companies, and they have pre-existing and successful relationships with the founders of Bromium. George Kurtz may very well have a long history with them, but what sticks out to me is the work that McAfee has done with their out-of-band antivirus, not to mention their other security initiatives. Having board-level direction from someone with that kind of experience is interesting, to say the least.

It's almost useless to speculate right now about what Bromium is creating, but I want do want to throw an idea out there. Guarav Banga, from Phoenix, has an existing relationship with Simon and Ian, presumably because of Phoenix's use of Xen as the underlying technology behind HyperCore, the embedded hypervisor that was announced several years ago. HyperSpace, which was originally Guarav's product, utilizes HyperCore for the instant-on computing mentioned in the press release. 

Some Googling turned up a presentation from 2008 on Phoenix's vision of HyperSpace. In it, they dubbed an initiative called "PC 3.0" that involves a lightweight VMM (LVMM) embedded into the hardware that is used to isolate Windows from "specialized core services," while still providing native user experience since the virtualization is being done at such a low level. There are even provisions for separate applications that live in protected space (AppSpace or HyperSpace Applications) and Windows Apps that live in user space. There is also mention of a separate "ManageSpace" that involves out of band management and security tools. The presentation is in PDF form, and is a very good read if you want to check it out.

HyperCore and HyperSpace were purchased from Phoenix by HP in June, 2010, but I've yet to see anything released based on the technologies. With that in mind, the combined skillset at Bromium fits well with the plan outlined by Phoenix three years ago. One founder is well-versed in embedded hypervisors, and the others are virtualization gurus focused on user experience and the fundamentals of hypervisors. About two years ago, I wrote an article titled "Why do we need 'Software' client hypervisors?" in which I speculated that HyperCore or a product like it could be used to remove the competition for who has the best client hypervisor and instead turn it into a competition for who has the best management platform. With the experience of the principals in Bromium, I wonder if that's where they're headed. Simon writes in his farewell blog post:

Bromium is not ready to disclose its technology or products.  We are fusing deep virtualization and security systems DNA to build a powerful set of tools that can offer continuous endpoint protection.  Bromium does not intend to compete with any virtual infrastructure or security vendor.  There is much more to tell, but we have a lot of work to do first.

I think there's at least some element of truth to what I outlined here, but I'm also certain that Simon, Ian, and Guarav are about 20 steps ahead of everyone else in their thinking, so I look forward to eventually learning all about Bromium. That's enough speculation for now, because to go on would involve even more conjecture. Still, it's an interesting prospect, because security seems to be the biggest reason people are using client-side virtualization today.

If you care to carry my thoughts on or introduce your own, we'd love to hear them below in the comments.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Gabe - I think you are spot on in your observations and should be commended for your bird-dogging and following the bread crumbs.

I see Bromium as an enabler for multi-platform scenarios (ala XenClient or Virtual Computer) but at the chipset level rather than bare metal. Not sure if you can go any deeper than that!


Client side data protection is going to become more important as people use more diversity in the devices they use. Question will be, is this a strategy of something that is shipped on the hardware which is an OEM nightmare, so something that installs on top of the OS like a type 2 approach. I hear it's an OS on top the OS play of some sort that is much lighter than Type 2. That would be interesting.

Shame smart people are leaving Citrix to do smart things and Citrix is too stupid to do anything.....