It's perhaps worth noting that any example of IaaS (Infrastructure As A Service) deals with the same issues that Kelly will be dealing with. This is typical of "cloud" computing; in fact, Amazon EC2 is perhaps the largest public cloud provider, and any firewalls, A-V scanners, IDS engines and other security-related pieces of infrastructure are running in VMs, whether that's immediately evident to the end user or not. (Linux-based EC2 instances are all, AFAIK, Xen DomU instances. I suspect Windows EC2 instances also run under Xen, but I've never researched that.)
So, at the very least, a whole bunch of quite large companies have decided that yes, it *is* OK to host security services on virtualized hardware.
By the same token, I'm quite certain that Citrix provides a *very* different level of support to Amazon than they'll provide to you or me!
-Adam