VMware

VMTN Blog

Join the Conversation on Virtualization

Fri, 31 Mar 2006

The Console Blog Launches

VMware's newest blog, The Console, has arrived! It's your 'management console' that lets you monitor what's going on inside VMware and track what's happening in the virtualization industry. We'll have a rotating set of VMware executives and senior technical folks opining on a broad range of topics.

We start off with Dan Chu on virtual appliances and how they're changing the landscape of software distribution. Dan and his team are driving our efforts around virtual appliances, and the software projects and companies packaging their software in virtual appliances are already starting to see results.

If you haven't seen VMware VP Steve Herrod's article on virtual appliances, go check that out as well.

posted by jtroyer at: 17:37

Wed, 15 Mar 2006

Virtual rootkit targets OS, not virtual machines

eWeek's article VM Rootkits: The Next Big Threat? highlighted recent work from Microsoft Research and the University of Michigan on a proof-of-concept rootkit that hides itself using virtualization technology.

Guest-blogger Beng-Hong Lim from VMware R&D notes that this is not an issue with the security of virtual machines in general:

Another day, another application that demonstrates the power of virtualization. This time, from the dark side. Security researchers describe in a technical paper a virtual machine-based rootkit that exploits vulnerabilities in Windows and Linux to insert itself under the OS.

First off, it is important to understand that this threat targets the operating system. It is not about vulnerabilities in virtualization. Operating systems running on physical machines are vulnerable to this threat, as the paper shows by targeting Windows XP and Linux systems running directly on an x86 PC.

An interesting implication of the study is that operating systems that are already running in virtual machines are actually less vulnerable. This is because of the performance and correctness challenges of running a virtual machine within a virtual machine, and because a legitimate virtualization layer still runs beneath the rootkit.

What about the implications for virtualization software? A hosted-style virtualization system has a host OS that can be attacked using vulnerabilities in the host OS, compromising the host. A best practice would be to lock down the host OS in such a system. A bare-metal style virtualization system, such as VMware ESX Server, does not have a general-purpose host OS, and is not vulnerable to the same attack points as on Windows and Linux operating systems.

In practice today, a virtual machine-based rootkit is not any more powerful than a standard rootkit in hiding itself. There are many straightforward techniques that can be used to detect if an operating system has been moved into a virtual machine.

In the future, when hardware support for virtualization becomes complete enough, techniques for an operating system to verify that it is running in a legitimate virtual machine (or physical machine) will be able to defend against virtual machine-based rootkits. Virtualization software can also detect if a guest operating system has been compromised.

Thanks, Beng, and stop by any time.

posted by jtroyer at: 16:53

Ken Robson, performance guru

Today's Performance Guru Blog from Ken Robson has lots of virtualization goodness, even if he does misspell it virtualisation. While you're there, check out Ken's main Performance Guru site, which is quite clever:

HOME(1)                PERFORMANCE GURU                HOME(1)

NAME

home - site home page

SYNOPSIS

home [OPTION]... [FILE]...

DESCRIPTION

This page introduces the style and theme for the site. If you are not familiar with the style of this site then you are probably wasting your time here, it is in the style of a UNIX manual page and if this is not familiar to you then you are unlikely to get much out of the information in this site.

posted by jtroyer at: 11:28

Tue, 14 Mar 2006

Application Delivery Nine Ways

Brian Madden has a great overview that discusses nine different architectures to deliver applications to end users. If you've been having trouble sorting your "application virtualization" from your "hosted virtual desktop," check this out.

In this article, I'll look at nine different application access architectures that we can use to provide Windows applications to users, and I'll evaluate the pros and cons of each.

The options are:

  1. The old way. Install each application on the end user's computer.
  2. Automated Software Distribution. Use a tool like SMS or Altiris to remotely install and update applications on end users' computers.
  3. Citrix / Server-Based Computing. Install the application centrally on a terminal server and provide RDP or ICA access from the client device.
  4. Application Streaming. Use something like Softricity to stream the application to the user's device on demand.
  5. Operating System Streaming. Use something like Ardence to stream the entire disk image (OS and all) to the user's client device.
  6. Bladed PC. Install Windows XP on a server blade and then provide 1-to-1 remote access via XP's built-in RDP remote desktop functionality.
  7. VMware PC. Build a huge VMware server and divide it into multiple VMs, with each VM running Windows XP. Provide remote access via XP's built-in remote desktop.
  8. VMware Clients within Terminal Server / Citrix Sessions. Build a server and install terminal services and Citrix. Install VMware Workstation (or Microsoft Virtual PC) as a published application in Citrix. Then "publish" a VMware disk image for each user. Users connect to the published VM via ICA.
  9. The Future. Application execution components can execute on whichever backend systems they need (in a grid-like way), and presentation components can be displayed and consumed wherever they are needed.

Let's take a look at each option more in-depth.

via virtualization.info

posted by jtroyer at: 17:31

Multitasking: the Bad and the Good

Joe Brinkman uses VMware Server to multitask so he can ftp, configure a server, surf the net, and watch TV all at the same time. I'm linking to this only because Joe was kind enough to show us the quality TV he watches while multitasking.

Alex Pachikov is also multitasking, but he is creating a Terminal Server for Media PCs running Freevo or MythTV that runs inside a virtual appliance.

If this helped someone - I am glad. I sure tried to find a guide like this while reading every script in ltsp. In the end - it works! And it works great! Uses 5% on my client system resources to play video and uses the VMWare terminal server for NFS only (1-2% occasionally). Everything is fast, the sound is synced, video is crispy.

Now, am I going to keep it on VMWare or move it to the main system? I sort of did this in VMWare as a testbed, but now I think I will keep it. It runs fast. It is portable, so I can have it setup on several computers. I can take it to a friend's house. The whole image (both server and client) works out to be just under 3Gb - easily fits on a DVD with the free VMWare player.

posted by jtroyer at: 17:01

Mon, 13 Mar 2006

Mendel Rosenblum in Computerworld: virtualization and transformations

VMware founder Mendel Rosenblum sat down and talked to Computerworld recently. It's a short interview, but three nuggets stood out to me. The first was killer apps for virtualization -- and if you think virtualization is just about OS partitioning and server consolidation, you need to keep thinking. Now that your machines are virtual, what can you now do, freed of those physical constraints?

If you view [virtualization] as taking a bunch of machines and squeezing them onto a single machine, you're not using the real power of virtualization. A large percentage of the people who use our ESX product also use our VMotion technology to move virtual machines while they're running between physical boxes. The same technology that allowed them to do server consolidation now allows them to do things like load balancing across the different hardware platforms.

I am spending most of my time these days on virtual appliances and our Ultimate Virtual Appliance Challenge, so I may have appliances on the brain, but this also struck me as particularly true:

Today, you put the world's most general-purpose operating system on [a server] so you can multipurpose it for anything you want. In a virtual world, you build virtual machines and just customize what you want to do. That's a pretty different way of thinking about how computing goes on.

And at one level, this observation about server naming is trivial, and makes me smile when I think about Archimedes and other servers in my past, but does have deeper implications as we all shift to a world full of virtualized infrastructure.

Right now, people bring up a server and give it some name so they can personalize it. That will be gone in 10 years. You'll no longer think of a server as being something other than how you think of a disk in a disk array today.

posted by jtroyer at: 13:27

Intel IDF Wrap-Up

The Intel Developer Forum conference was held last week. VMware President Diane Greene took the stage at a keynote with Pat Gelsinger of Intel's Digital Enterprise Group, talking about the two companies' work together and Intel's newly announced VT-d I/O virtualization. Coverage from eWeek:

[They] also announced a tighter relationship between the two companies that includes not only consulting on technology, but also joint marketing and sales efforts. VMware products also will support VT-d in 2007, said Greene, when joining Gelsinger onstage. "Our customers ... love virtualization, and anything we do to make virtualization more enhanced makes it all the better for them," Greene said.

Also from eWeek, Virtualization Moves Beyond Servers:

"When you can treat a machine like a file, there is so much you can do with it," Greene said. ... VMotion enables users to move workloads between virtual machines without having to take down the systems. In the next upgrade later this year, VMotion will offer greater automation of this capability, Greene said. Currently there is some script work involved when moving workloads between virtual machines, she said. With the upgrade, that work will be automated. In addition, the enhanced software will offer automated failover through cluster management capabilities, she said.

Wolfgang Gruener of Tom's Hardware sister site TG Daily has a good IDF wrap-up, discussing the performance emphasis of the conference and the spotlight on Intel's new NGMA/Core processors:

Besides the fact that Intel has renamed NGMA to "Core" - somewhat misleading as the current Core processor is not based on the Core architecture - the technology is pretty much what we expected to see: It will aim not only for performance-per-watt leadership, but also for the performance crown overall. In fact, the performance estimates of increasing performance 20% in the mobile space, 40% on the desktop and 80% on the workstation/volume server, appear to be very conservative estimates: On the one side, Intel cannot afford the embarrassment of missing those marks. On the other, the benchmarks we have seen indicate that an additional 10 percentage points of performance gain and an additional 2-5 points in power improvement for the desktop and server platform is a more realistic estimate.

Steven Shankland of news.com summarizes the virtualization-related announcements at IDF.

One planned improvement is a feature called extended page tables, an idea similar to an AMD virtualization technology called nested page tables. Both technologies speed up a facet of virtual machines dealing with memory. ...

Another improvement coming in hardware support for virtualization is the expansion of the technology into the domain of networking and other input-output tasks. Intel announced its VT-d specification Tuesday for some I/O virtualization, a month after AMD made a similar move.

posted by jtroyer at: 13:10

Fri, 10 Mar 2006

Carr yanks your chain again: Servers Doomed

Nick Carr's latest provocative statement: Is the server industry doomed?. It's the standard server consolidation story, with Carr's standard message that all IT will become an outsourced utility, and those outsourced providers all running on white boxes.

Ultimately, we may come to find that the branded server was simply a transitional technology, a stop-gap machine required as the network, or utility, model of computing matured. I recently spoke to the chief executive of a big utility hosting company who expressed amazement that its largest server supplier seemed to be "in denial" about the profound shifts under way in business computing. Maybe it is denial. Or maybe it's just fear.

Several people followed up, including SAP's Charles Zedlewski and Sun's John Clingan. If I'm not summarizing too severely, their basic response was that lower costs traditionally have driven higher use and created larger markets.

Nick responds in his second entry by asserting that utility computing will win out.

I think he underestimates the economies of scale that the utility model, as it matures, will be able to deliver - not only in hardware costs, but in labor costs, electricity costs, real estate costs, and software costs - as well as its power to free up capital and management time for more strategic purposes.

I don't claim to have any magic insight over the 5 or 10 year horizon. But what I'm seeing anecdotally today is:

  • VMware working very closely with server OEMs to drive sales.
  • Customers buying increasingly big, high-margin multi-way boxes. Sometimes their overall hardware spend is lower, sometimes not.
  • Customers buying white boxes only for labs or testing; the hardware cost ceases to become the driver for mission-critical business processes, even for small sites.
  • Utility computing (or at least a utility model of resource chargebacks) becoming more common inside the enterprise, but not from outsourced service providers.

Dan Ciruli of Digipede adds a good personal observation about utility consolidation:

And one last point to show that, while electricity is not computes, even the electricity analogy doesn't spell doom for the server companies. There was tremendous consolidation in the electric power industry when the idea of a "power plant" came about. But did that kill the industry that manufactures generators? No--there are still companies making billions of dollars manufacturing power generation equipment (I used to work for one of them). There is still tons of research going into ways to make power better.

posted by jtroyer at: 19:20

Thu, 09 Mar 2006

The Virtual Doctor is In

Ron K. Jeffries at Cloudy Thinking points us to an article at LinuxMedNews about using VMware Player with open source applications to run a doctor's office. He started out with the virtual machine on a Windows XP laptop, but has since moved it to a server running Ubuntu Linux.

We use a virtual machine played with the free vmware player. It is a complete linux system set up by Rod Roark with OpenEMR, Freeb, and SQL-Ledger. The vm is run under Windows XP on a Toshiba laptop with a P4 1.8ghz and 1GB of RAM. In the morning, I load the vm and the other computers in the office, on the network, can log in by clicking on the desktop link to OpenEMR. At the end of the day, I back up the vm to a DVD. Sometimes I take the laptop home to work and sometimes not. My staff has taken to it with no complaints. ... I am now working on customizing OpenEMR a little to work better for us. To keep things simple, I make a copy of the vm to experiment with so I don't mess up our real data or system. This is definitely the way things will be done in the future. I highly recommend that physicians who want to save themselves a lot of headaches with EMR and practice management software should look into it.

posted by jtroyer at: 19:51

How the New Microsoft Licensing Affects VMware Environments

Licensing for virtual systems still requires a Talmudic attention to detail.

One such detailed look from Steve Kaplan examines October's virtualization licensing white paper from Microsoft and gives his take on various scenarios for Microsoft licensing in VMware environments, both for applications and operating systems. Here's one of his conclusions:

This licensing benefit is particularly important for users of expensive Microsoft licenses such as SQL Server or BizTalk Server. You can run, for example, an instance of Microsoft SQL Server on a multiprocessor machine, but only have to pay for one license as long as it's set up as a single CPU Virtual Machine. Since ESX Server is so efficient at delivering virtual processor and memory resources to SQL Server, many organizations will require fewer virtual CPUs than they would have physical. This becomes even more pronounced in a dual core server environment. A company that was paying $35,000 to run SQL Server Enterprise Edition on a physical 2-CPU server may now well get by with only paying $17,500 to run a one-CPU instance on a two or four CPU dual core ESX Server and still receive similar or even improved performance.

David Berlind also did a great job detailing the various Vista bundled virtualization scenarios with Microsoft details frugal licensing policy for Virtual PC on Vista. (Where by "frugal," he means, "Yes, you need to buy another copy of Windows.")

See also virtualization.info on What you need to know about Microsoft's virtualization licensing plans (Feb 4, 2006) and Microsoft adapts Windows Server System licensing to virtualization scenarios (Oct 10, 2005).

posted by jtroyer at: 18:34

Fri, 03 Mar 2006

VMware at USENIX

Two of VMware's Consulting Architects will be presenting two tutorials at the USENIX '06 conference in Boston, MA. These will cover a deep dive on ESX Server, with additional material on Security, Performance Tuning and Disaster Recovery with Virtual Infrastructure, as well as a tutorial on Server Consolidation. For details, please see the USENIX '06 web site. Links are included below:

If you're out in Boston, you should also keep your eyes open for VMware's Cambridge Technical Seminar Series. The next seminar is scheduled for June.

posted by jtroyer at: 15:59

Software distribution via virtual appliance

If you've been paying attention, we've started using the new term "virtual appliance," most notably in our Ultimate Virtual Appliance Challenge. We'll have more to say about the art and science of virtual appliances soon, but in the meantime I'm tracking how folks out there in the blogosphere are "getting it."

Abe Fettig certainly gets it, although he accuses us of viral marketing to him. (Guilty as charged, but certainly not pre-planned.) He says "The VMware image is the new appliance":

  • You can bundle lots of heavyweight dependencies with your application: database servers, web servers, java, python, you name it.
  • The customer/user doesn't have to do any setup besides downloading and running the image
  • You can run your application on Windows and Linux without having to get all the dependencies running on Windows

Shahid Shah says that Software vendors should start providing virtual machine images to help demo their wares:

Faisal's idea is simple but brilliant: software vendors should create a "virtual machine image" of a system that has their software, database, network, etc all preinstalled and preconfigured. VMWare has a free version that can take a machine image and launch it on any modern computer. For Windows there would be licensing issues from Microsoft (a vendor can't just create a virtual machine client image with Windows without licensing restrictions). However, for any software that runs on Linux that's not a problem -- just bundle the operating system fully configured to run your software along with whatever else is needed and give your customer a "single click" launch and test capability.

The folks from MedSphere, VISTA, ClearHealth, and other open source groups should take this advice. The virtual machine client model for giving a trial version would change the trial deployment model dramatically and give you leg up on your competition. You could offer a "5 minute" install regardless of how complex your software is.

Techhawking, although he's casting it in an us vs them framework, is really just tired of the uninstallable tools:

And all those uninstallable tools, which I never got to work, can be easily removed if they were shipped in a VMware image. It's almost like deleting a compressed archive with all the files in it except that in this case you don't have to worry about that tool messing with your operating system.

Coming from a unix admin background I have to tell you how much fun it is to install an unstable version of an opensource tool. What's worse is that some of them have so many dependencies that by the time you get to use the tool, you would figure out that you broke something else.

Update: one more from A.P. Lawrence: "Are these guys out for blood, or what?":

Packaging Linux servers and apps in VMware player should be a no-brainer. Offerings like E-Smith Server and anybody else offering a packaged product ought to be jumping on this. It's not that you necessarily ultimately expect the product to run in VMware Player (though in many cases, why not?) but that it's the bee's knees for a demo: show 'em what you've really got in an environment YOU control. No worrying about installation problems: the only thing that has to install is VMware Player and that's VMware's gig, not yours. You just set up the OS as you want it, install your app, bundle it up and put it up for download. What could be easier?

Any app, and any alternative operating system ought to be thinking about this, and that includes Windows apps: why fight with messed up, virus plagued systems that make your demo look bad? Control the environment and control the demo - and as I said, actually running it in that cocoon isn't a bad idea either. Yes, it costs more because you have to bundle Windows, but what does support cost? No brainer for many an app.

posted by jtroyer at: 15:56

That VMware Server eye-opening experience

Jason Powell is trying out VMware Server for the first time ... and he seems to like it. (What I find interesting is not only the WOW factor from first-time users like Jason but also the glee from long-time users when they start talking about ESX Server and vMotion.)

So we have a virtual Server2003 server now running our Terminal Services, and another virtual Server2003 server running WSUS (windows server update services). Those have been running for a week now with no problems. Next we'll move Track-IT, Spy Sweeper, MOM2006, and OpManager into virtual environments on that same physical server. So now 1 physical server can host many virtual servers all on the same hardware ... since most servers are way under utilized this is a great way to utilize spare resources (CPU, RAM) while keeping all the different applications in their own virtual space so as to minimize conflicts. The cost saving we're talking here is huge!

Virtualization isn't new, as I've been reading about it for years, but the buzz surrounding it is now to the point where you have to really take notice. I'll admit I was very skeptical of using it in a production environment, but our uber-volunteer Dustin said they're doing a lot with virtualization at the large firm he works at (he's a Network Admin) and he's patiently explained things and answered my questions over the span of several weeks. There was a lot of writing on the whiteboard during explanations :-) The more we use VM Server the more impressed I am ... even more so given the fact it's FREE!!!

Why is it free you ask? Well because VMWare knows once you try the free version you'll be so blown away you'll want to migrate everything over to virtualization. The for-pay VMWare products build on the free version allowing all sorts of amazing functionality like moving a fully running virtual machine from one physical server to another ... yes, while users are connected ... drag-n-drop ... yes, it's amazing. You can also do stuff like hot spares ... say your exchange virtual server has a major malfunction ... you can set another exchange virtual server to auto fire up and take over ... or start another instance and do load balancing if a particular server is getting loads of traffic.

posted by jtroyer at: 15:42

Disclaimer

The postings on this site are the individual poster's and do not represent VMware's positions, strategies or opinions.