Wenhao Xu, SmartX: “threats are ubiquitous, which is a major problem for businesses”

When the whole IT system is outdated, no third-party cybersecurity solution is going to be able to protect the full attack surface.

The recent global events accelerated the digital transformation and forced companies to adopt new technologies, digitize paper-based processes and equip employees’ devices with security solutions, yet, many organizations are still reluctant to move away from legacy data center infrastructure. Experts emphasize that to ensure the highest levels of security and efficiency, companies must start by upgrading their IT first.

Today we are talking with Wenhao Xu, CEO and Co-founder of SmartX – a company on a mission to modernize the IT infrastructure.

How did SmartX come about? What has your journey been like?

SmartX was founded with a mission to “make IT simple” for our customers’ infrastructure. Back in 2013, legacy data center infrastructure was still so complex and inefficient, unable to support enterprises’ need for a rapid launch of modern applications. There was an emerging advanced architecture in the market at the time called hyper-convergence which would shift the whole situation, that’s when I and my two friends from Tsinghua University founded SmartX.

After leaving our jobs at Nimbula, Baidu, and Microsoft Research Asia, with our experience in virtualization and distributed storage, we decided to start from the most difficult part of the infrastructure – storage, with hopes of disrupting the legacy compute and storage architecture.

After 1 year, we launched our first hyper-converged software product – SMTX OS 1.0, with a stable and powerful storage core called ZBS. After 3 years, our products were largely deployed by our customers and we were reported by Gartner as one of the top HCI vendors.

Until now, we have over 10,000 nodes deployed by customers ranging from financial institutions, healthcare, manufacturing, real estate, and other industries. We have been recognized by reports from Gartner, IDC, Forrester, and GigaOm, and our business network has covered Greater China, Korea, Southeast Asia, the Middle East, and Europe.

Can you tell us a little bit about what you do? What are the main challenges you help navigate?

We make IT simple by modernizing the infrastructure. What we provide is a range of software products and solutions covering hyper-converged infrastructure (HCI), distributed storage, cloud-native storage, and multicluster management, to help our customers build a powerful, flexible, stable, and elastic infrastructure.

With our products and solutions, we are hoping to simplify the whole IT infrastructure cycle – from planning, configuration, and deployment, to operation & maintenance, all to increase efficiency and lower expenditure, allowing our customers to invest more time in creative tasks.

In a word, we bring simplicity, agility, resilience, and security to the data center infrastructure.

You state that current computing and storage architectures do not do the job anymore. What do these systems lack?

Traditional three-tier architecture is non-converged compute, network, and storage that run on dedicated hardware. Its resources are siloed and difficult to manage. It requires a lot of manual processes and siloed operational expertise. Whereas for HCI you only need to manage the resource pools across data centers with one intelligent management platform.

And since it runs on dedicated hardware, it’s expensive to start initially and scale up, unable to maximize existing investments. Whereas HCI is 100% software-defined, you only need industry-standard x86 servers and simply add capacity with no disruptions.

It also has poor scalability compared to hyper-convergence. With HCI, you scale out by adding capacity with performance growing linearly, and you only need a few hours to set up HCI and quickly spin up applications.

Have the recent global events somehow affected your field of work?

Hyperconvergence, according to Gartner Hype Cycle, is already a mature mainstream technology and will reach the mature plateau in less than 2 years. The need for HCI is still growing. The business opportunities are still growing strong in our business network across regions and countries including Greater China, South Korea, the Middle East, and Europe.

What are your thoughts on cybersecurity systems specifically tailored to one’s business? Is it something each organization should invest in or is it only relevant for large enterprises?

Cybersecurity is definitely important for most businesses, large or small. For our customers, network security is a big concern regardless of their company sizes, especially for their data centers. However, as businesses grow and there are more and more applications and workloads running in the cloud datacenters, we need to think about how to protect these apps more effectively with more advanced security technologies.

In your opinion, what IT and cybersecurity details are often overlooked by new businesses?

Most customers use perimeter firewalls for their data centers. It has a lot of limitations. For example, east-west traffic is not secured within the data centers, leaving the virtual machines and applications vulnerable to potential attacks once they breached the perimeter firewalls.

As a network-based technique, micro-segmentation protects each App/VM by very granular isolation. Inter-VM access isn't default trusted except permitted by explicit allow-list. It is key to protect every virtual machine with policy-driven, application-level security controls. With micro-segmentation in SMTX OS, we could protect every GuestVM on HCI.

What cyber threats do you think can become a prominent problem for organizations in the near future?

The global pandemic has accelerated digital transformation for each enterprise. Micro-service architecture is a popular solution to satisfy the evolution of digital applications. Yet, it introduces more fragmented and fragile components into the system. Attack surfaces of enterprise applications are expanding. Actually, we cannot identify which threat is the most serious problem. Threats are ubiquitous, which is a major problem for businesses.

What are the best cybersecurity tools do you think every company and individual should have in place to combat these threats?

Zero-trust is a perfect security model for this situation. Never trust, always validate. It's applicable for enterprises, individuals, and for applications and data in any form. There have been many methodologies and tools in the market to approach a zero-trust target. It is widely acknowledged that micro-segmentation is one of the keystones of zero-trust.

And finally, what’s next for SmartX?

We will continue to provide more hyper-convergence capabilities, expand support for more applications and workloads, reduce operation/maintenance complexity, and enable a set of unified systems for our customers. This includes:

  • Storage: to provide file storage services for virtual machines and containers
  • Container management: to provide IaaS (compute, storage, network) and easy-to-access Kubernetes services for container-native applications
  • High availability and disaster recovery: to improve data protection and disaster recovery capabilities, helping customers restore data and applications immediately
  • Distributed cloud management: to enhance management capabilities across multiple data centers and clusters, making it more efficient to share resources and relocate VMs within organizations
  • Intelligent operation/maintenance: to enable “1 click” for every complex operation, automation for cluster life cycle management, and visualization for I/O chain and traffic.