VMware

VMTN Blog

Join the Conversation on Virtualization

Thu, 31 Aug 2006

Remaindered Links - 8/31/06

Here's what I have open in my Firefox tabs this week:

posted by jtroyer at: 17:25

Tue, 29 Aug 2006

The thin embedded hypervisor in your future

Ron Oglesby of RapidApp hits it out of the park again with his latest on brianmadden.com, Where is all this virtualization going? Ron talks about a future where the hypervisor is commodified, and what you think of as your "desktop" or "server" is really a collection of cooperating virtual machines:

Now let's picture a world where you buy an HP server, with OEM'ed Qlogic HBAs, Intel or OEM'ed Intel nics, memory from HP or Crucial, or (insert favorite vendor here), processors from AMD or Intel, drives from... you get the picture. Even if the processors, NICs, and HBAs all had hardware hypervisors built-in to them, what controls those hypervisors and connects VMs to them? What connects a virtual machine to each of these components? Right now the closest thing to bare metal is ESX. And improvements to the hardware will make ESX's performance even closer to raw hardware performance. But what is the future? The Future is a thin layer that is OEM'ed that can work with and control all these devices. It will not be as bulky as any Windows or Linux OS you have ever seen and will more closely resemble a glorified piece of firmware that boots and starts dividing up resources to whatever number of VMs you have running on the machine. Of course it will still have some type of interface while the server and its VMs are running, but it will be extremely lightweight and self-sustaining. This will come with every x86 server and desktop. What you will buy is not the hypervisor but the management tools that wrap around it. That is the key and this is where we bleed into desktops a bit. ...

In this example all four VMs would load at boot time. The network and security VM would be the first one up after the hypervisor loads. This VM will scan all traffic in and out almost like a network virus wall or a SMTP gateway server. It could be a one-stop shop for traffic scanning, IDS, IPS and even traffic scanning between VMs. This security VM may even be a VM that comes OEM'ed along with the hypervisor.

Next is your trusted desktop. This is where you work normally on your corporate LAN and interact with trusted machines/networks. What machines and networks are trusted is configured in the security VM and is possibly centrally controlled by an administrator. The cool thing is that if this is a personal laptop or computer you may be able to "outsource" your security by buying a subscription to "Symantec's Security VM Package." (I know, it's a lame name, but it's all I could come up with.) Anyway, the package may be purchased and delivered to the user to replace an existing one shipped by the hardware vendor (back to application distribution by VM appliance). They can then offer you a service where they update the VM (like getting new virus definitions) but in this case it's virus, malware, spyware, firewall, etc., and it's not tattooed in the trusted OS and can be hardened in ways that the trusted OS can't while still remaining functional.

In order for a future like this to happen -- with an embedded, thin hypervisor and a full mix-and-match set of virtual appliances cooperating on your desktops and servers -- the hypervisor must be independent of the underlying operating system. To get real freedom of choice, and to unburden the hypervisor from the overhead of a traditional OS, you can't be running at the base of your stack Microsoft Windows Viridian hypervisor or even a Xen-enabled Linux from Red Hat or Novell. You're just dragging along decades of legacy if you do that.

This also ties in to the latest analyst cannonball in the pool from Gartner: Windows Vista the last of its kind. (Was there any good commentary on this Gartner-vision from anyone in the trade journals or blogs? It all kind of blended together for me into a dull buzzing.)

Ron's is a longer-term vision, but shipping a "pre-virtualized" box soon is the kind of thing that ZDNet's David Berlind is advocating in a recent entry.

Well, how about this? Dell can think about taking us there, particularly on the client side. How about delivering Dell desktop systems pre-virtualized and then come up with a management utility so that when the time comes to move to a new system, it's as simple as copying a virtual machine from the old system to the new system (and taking care of all that complicated licensing management stuff caused by Microsoft's Windows Genuine Advantage program).

posted by jtroyer at: 18:16

Appliances Rock II

Although we just touched on it, here is more recent chatter on virtual appliances. Virtual appliances, both as objects-in-themselves, and in their implications for the broader landscape, really seem to be something that people are internalizing and understanding.

From Kevin Kettler, Dell Chief Technology Officer: Virtualization Beyond the Enterprise. (Kevin, I take back what I said about not mentioning VMware in your video chalk-talk on virtualization.)

Returning to the scenario of a single application per virtual machine, what if you could purchase these preconfigured "personalities" -- customized VMs -- that plug into your virtualized client system? There is a clear opportunity here for the industry to seed the market with a variety of purpose-built VMs. I think this vision around virtualization is key to driving Linux adoption on the client. In fact, I challenged the Linux community in my April keynote to seed the market. In this new world, we will find Linux co-existing next to Microsoft on the same platform.

From Michael Gibbs of Network World: Excited about virtual appliances.

We started to circle back this week to the geographical information systems stuff that we started a couple of weeks ago but got distracted by something that is really exciting.

Some time ago we noted that VMware had started a program to encourage people to create prebuilt virtual machines (or "virtual appliances" as VMware calls them) configured to do something useful.

While the first few appliances were interesting, the Virtual Appliance Directory and the Appliance.net repository show how useful and amazing virtual appliances can be.

From Michael Ryan: Asterisk in an Hour.

Taking advantage of the benefits of virtualization, I downloaded a prebuilt VMware Asterisk server from the Stuff that caught my eye blog. In a matter of minutes, I had a full-featured PBX running with all the bells and whistles. The server came configured with trixbox, which includes freePBX for web-based administration, Asterisk Recording Interface (ARI), SugarCRM and many other very cool tools. Configuring everything through freePBX, I was able to set up SIP extensions, IAX trunks, the dialplan and voicemail, literally, in an hour.

exjoburger at Technofile urges us to consider switching to Opera because it lets him download virtual appliance torrents more easily:

The only web browser which may have a chance of dethroning Firefox as my browser of choice is Opera. Completely free since version 8.5 or so, Opera features everything Firefox has and more. Since version 9 Opera has a built-in BitTorrent client - useful for downloading "Virtual Appliances" for VMware, which are often only available in BitTorrent format.

Keystone IT is going to use VMware Server with a network monitoring appliance:

VMWare has a nice directory of submitted “appliances” as they call them. Unfortunately it relies on bit torrent for most of them, which alienates a lot of firewalled potential users. I did find an excellent VMWare network monitoring appliance hosted via http that I am already using. Thanks to Rich Trezza for that. It is a fully functioning nagios installation that works as soon as you turn it on. Nagios is more than a little difficult to set up from scratch.

From Dave Marshall at InfoWorld talking about the implications of VMware Relaxes Tools Distribution Policy:

Is Microsoft missing the boat on this one? At every turn, it looks like VMware and other software manufacturers are praising virtual appliances for what they can do and what they offer. But with Microsoft's licensing restrictions that are set in place, it becomes impossible for anyone to build and distribute a virtual appliance that is created on top of a Microsoft operating system. Even beyond licensing and serial numbers, programs to help stop piracy such as Windows Activation and Windows Genuine Advantage will further hinder the creation of a Windows based virtual appliance.

Damien Murdoch at ozvms with What is a virtual appliance?:

So in theory you could have a swiss army knife of appliances ready to go for any consulting engagement if you were in this position. What a boon for solution providers! In fact it is a boon for everyone in general. For instance, one of the best virtual appliances that I have seen was a caching appliance for web content. This could be used on a large corporate intranet and ready to go at a standby's notice for multiple cache server deployment or expansion. Great in an enterprise environment or for companies who need to scale infrastructure quickly for any number of reasons.

Denis blogs about VMware as an open source adoption accelerator:

But what is really interesting is that of the 169 VMs available from this contest on http://www.vmware.com/vmtn/appliances/ , 169 run on top of a Linux instance. Yes. 169/169. Of course this is to eliminate the licensing problems of commercial operating systems like Windows. With such a hit ratio, be sure that many people will discover Linux. They will start to get used to it. They will start to find it normal that a serious, ready-to-use system runs on Linux. Full of open source apps that, well... just work.

And Chris Kelley has found a new way to run the labs:

I just posted about the labs site I am running to try out some of the more interesting web2.0 tools that you can run yourself. Now I have found a way to stand them up without ruining my main server environment and without wasting time trying to track down pre-req's. Now that VMWare server is free, I have added that to my home server and have added a few appliances (Zimbra and TriBox) to try out. Very nice so far, although I think I will need a bigger server soon.

posted by jtroyer at: 17:52

Wed, 23 Aug 2006

Audio, video on virtualization

Here's a great podcast on virtualization and VMware. If you're only familiar with our Workstation product, this is a nice introduction to the technology going on underneath and also listing some of the differences that are in our enterprise-level Virtual Infrastructure offering.

Security Now! 53: Virtualization Part 2 with Steve Gibson and Leo Laporte:

This week on Security Now! Leo and Steve revisit the topic of virtualization in the second part of their series discussing it. The panel focuses on VMWare and its associated technologies this week, talking about entire operating systems and virtual machines running inside containers, and the security benefits, risks, and tools that can be used in this area.

See also the transcript. I have a few nits I'd correct (virtualization is not being subsumed into the OS, ESX Server did not start with a version of Linux years ago, and the virtual appliances directory has almost 300 entries, not 50 or 60!), but for the most part, it's a great overview.

If short bites are more your style, start subscribing to the InfoWorld Virtualization Report podcasts. At about five minutes each, Dave Marshall gives you the top one or two stories of the day. Recent topics include:

Moving to video, last week Dell's new-ish Direct2Dell blog showcased some video of Dell CTO Kevin Kettler whiteboarding on virtualization. Not much new for regular VMTN readers, but he does talk about the concept of appliances and predicts a ubiquitous hypervisor layer shipping on all machines. I approve. I am surprised that Kevin doesn't mention VMware by name. We're the magic gnomes that make all his whiteboard boxes a reality.

For more boxes and arrows, see also VMware's Dan Chu in ZDNet's "At the Whiteboard" video series: What is virtualization? (transcript) and Enterprise-class virtualization (transcript)

posted by jtroyer at: 17:05

Tue, 22 Aug 2006

Appliances Rock

Software Appliances - Smalltalkifying software deployment

While Hardware Appliances are nice, there are situations where you might not want to actually have a power guzzling, big and bloody noisy chunk of server standing in your office. Maybe you'd rather have the software use part of the capacity of your 32 CPU SMP machine with that quarter terabyte RAM and who knows how much hard disk capacity. With the Software Appliance, you simply install the Virtualization solution that the appliance uses ... and the installation is done.

Breaking the ice

Do you ever wish you didn't have to port your application and test it on several different operating systems? Are you intrigued with the simplicity of "hardware appliances" like NetApp filers and the Google Search Appliance but don't want to get in the business of selling hardware? rPath would like yourPath to consider bundling your programs into a "software appliance" that can be installed on almost any x86 type of machine (real or virtual). At Linux World today they announced rBuilder 2.0, a bundler that will combine your software plus a trimmed down version of Linux into a package that can be installed on hardware your users already own.

Virtual Machines - Getting Rid of *Platform Hell*

An oft referenced problem in the Windows world is "Dll Hell (*)". It occurs when many applications depend upon the code in a shared .dll (a dynamic link library, which is basically code that is linked at runtime rather than compile time), an often ideal scenario given that you can upgrade security faults in one single location rather than recompiling and distributing static linked library using applications, or searching for disparate private copies scattered across volumes. Problems start to happen, however, if the dll is changed in a way that breaks some of the dependent consumers (for instance one of the applications rolls out a new version that changed the external API), causing inconsistencies or outright failures in other applications.

So why not release your web application (or any type of application) on an "appliance" virtual machine, as it's now getting named? The same goes for application "consumption": If you're a Windows shop, instead of hosting your wiki on Windows, or far worse limiting your choices to the small selection of options that exist for your particular ecosystem of dependencies, perhaps you could just deploy a Wiki appliance with the perfectly ideal configuration of database server, web server, host operating system, and modules.

LinuxWorld, virtually speaking:

Here's my advice: VMWare is the company to watch. They're easily the most mature company in this space, and their products just work. Now that VMWare Player and VMWare Server are free, there's absolutely no reason for security pros not to download the software and try these products out (Editor's note: they still don't yet support Mac OS X - try Parallels (VMTN note: even better, sign up for VMware's Mac OS X beta)). But simply downloading VMWare Server, for instance, isn't enough. You need a host OS to run inside your fresh installation of VMWare Server, or you've essentially got a car without an engine.

VMWare sponsored a contest - the Ultimate Virtual Appliance Challenge - over the past many months to create the most useful and interesting virtual appliances, and the winners were announced at LinuxWorld. I'm now grabbing you by the lapels and urging you strongly to go check those winners out, because there are some amazingly cool, powerful, and, yes, innovative tools there for you to see. And not just see, but play with as well.

Here, use my (virtual) machine

Anyway, whilst that's compiling I came across something new to me. The Python Web Developer Appliance is a project to distribute all the major python web frameworks, together with back-end databases and other handy open-source tools, running on BSD, so that development doesn't end up being sys-admin for the first three days of trying a new technology. This is done by distributing the whole thing as a VMware virtual machine.

That seems like a really nice idea.

posted by jtroyer at: 17:31

Remaindered Links - 8/22/06

It's not Friday, but there's always time for: remaindered links.

Installing VMware Server on Fedora Core 5

Expand Windows NTFS drive on a vmware machine

We use Vmware Server quite heavily at RedBalloon and it gives us a huge amount of flexibility and scalability without breaking the budget. An example of this flexibility is how we dealt with a recent problem where one of the drives on our Domain Controller was too small, but we had space available on the underlying Ubuntu Linux VMware Host. So the plan is to shut down the server, increase the size of the virtual drive, resize the filesystem and we should be good to go. BTW - this is not for the faint hearted and if done wrong can hose your system.

Offline VMware disk shrink?:

After playing around with different VMware Appliances and VMware Server, I noticed that the disk space consumed by the virtual machines was rapidly increasing. It's a well known fact that when a vmdk is defined you set a max disk size, and you can choose not to allocate all the disk space at once, and it'll expand the virtual disk as needed when you run the VM. All that's fine and dandy, and it helps keeping the filesize of distributed VMs low. But, what happens when you fill a virtual disk and then delete files from it again? Does the virtual disk shrink in size? No, it doesn't.

So, why isn't there a simple command line utility available to do offline shrinking of VMware virtual disks? Does anyone know of such a tool hidden somewhere that I'm just not aware of?

VHD interoperability between Virtual PC and VMware Server:

I've been spending some time again moving Virtual Machines from Virtual PC into VMware Server for a client, when an old problem came back to say 'hello'. You see for most vanilla virtual machines (straight next, next, finish with no tweaking) the import will just work -- make sure you merge any differencing disks, and remove undo drives. ... However, to get smaller VMs - you need to tweak.

Sharing files with VMWare:

Anyway, the first and biggest problem I faced using fedora core 5 on a VMWare session was the problem of file sharing between windows and VMWare. VMWare (at least its free player version) doesn't read host system's directories. No NTFS access (which a native linux installed as dual boot can do), no shared directory, nothing. I'm not sure, but they may have reserved it for their non-free versions.

Virtualization vs. Emulation

The CEO of Win4Lin, Jim Curtin, starts a blog:

But, what of the transition period? What does an architect or CIO visionary do with all the "state" already stuck out there? The fortune invested in legacy PC applications? This is where desktop virtualization comes in. Lifting up the state and re-hosting it, consolidating it, on cost-effective Linux infrastructure, this is what I will be talking about, for the most part, in this blog.

posted by jtroyer at: 17:26

VMware: I'm Loving It

I try hard to find problems and complaints about VMware in the blogosphere; I then try to either address them directly, notify the person responsible inside VMware, or send it up the food chain if appropriate. And we're not perfect; far from it. But most of the time, people agree on VMware: "I'm lovin' it!"

I love VMware:

Now talking about changing hard drives, I can imagine how much work is required to do it on a physical server. Backing up the files, shutting down, installing the new drive into the physical server, rebooting, re-partitioning the drive, copying files over, doing the power cycle again to take the old drive out, etc. This kind of thing is almost too trivial on VMWare.

Maybe that's what the future of appliances is. Instead of buying small gadgets that do well on one thing, you buy a beefy server, and then drop in many small "virtual gadgets". Need an extra MySQL server? Just deploy another one using VMWare. Need a Firebird server? No problem. Too much load? Real-time migration of virtual appliances to another beefy server with minimum downtime.

We just migrated from VMware Server to VMware Infrastructure...:

I'm very excited about all the possibilities of services we will be able to offer now that we wouldn't have been able to do previously. If we can dream it, we can make it happen.

My new MySQL playground:

The VMWare Server allows you to do great things that you usually wouldn't like to do on your working machines, mostly because of the danger of damaging something that can take a lot of time to recover. And it's also a great thing to play with advanced MySQL issues.

So I installed myself a "MySQL playground" - a VMWare machine running SuSE Linux 10.1 - and installed three MySQL 5.1.11 servers (placed in different directories and assigned the ports 3306, 3307 and 3308). The first thing that I played with was to set up a multimaster replication example, based on Giuseppe Maxia's article: Advanced MySQL Replication Techniques (I planned to do this for quite a while and now I finally did it!).

Uses for VMware:

It's a list of all the ways I have used VMware in the past or currently.

  • Run multiple OSes without a reboot, good to try out the latest kernel.
  • Test out applications and configurations.
  • Access 32 or 64 bit apps that normally would require a reboot.
  • Test out new features in the kernel, Raid, Firewall, LVM.
  • Code kernel modules or Systemtap scripts without worrying about bringing down your system.
  • Faster to setup than chroot and jails
  • Containment of security breaches and applications
  • Allow you to investigate possible viruses.
  • Windows for the kids so they can have all their favorite plug-ins.
  • Solaris on top of Linux without having to deal with hardware capability.
  • Test cluster applications
  • Easy way to get access to any operating system remotely
  • Transferring data from other filesystems.

posted by jtroyer at: 16:35

Wed, 16 Aug 2006

Ultimate Virtual Appliance Challenge Winners Announced

Just in case you're not following along at home or haven't read about it elsewhere, we announced the winners of the Ultimate Virtual Appliance Challenge on Tuesday.

I've been working on The Challenge much of this year, building the website and working with the entrants. Expect more information soon about the winners, how and why they built what they built, and hopefully some commentary from the judges as well.

I think the results were great, and definitely pushed the state of the art in virtual appliance creation forward. The appliances are getting slimmer, easier to use, and more powerful. At least two people came up to me at LinuxWorld, and without me bringing it up (or knowing that I was even involved with its creation), told me how great the appliances directory was.

And yes, VMware's own Browser Appliance is getting a bit long in the tooth; we need to revise it. In the meantime, check out the new search we're putting into the appliance directory:

 

posted by jtroyer at: 17:47

Slashdot is all virtualization, all the time

It's been a banner week on Slashdot, talking about virtualization left and right. They also tied in to several topics from VMTN last week. Yes, the kids may be into Digg and reddit, but to actually get some good discussion on a deep topic, Slashdot readers still come through.

More on the Blue Pill

Last week I talked about Blue Pill Poppers. That same day from virtualization.info, Debunking Blue Pill myth with IBM/Xen'er Anthony Liguori weighing in.

I approached Rutkowska about this and she attempted to address it in her prototype by adjusting one of the processor's clocks on every exit. However, there is nothing that she can do about external time sources and she's admitted to this on her blog. She refers to this as a theoretical weakness in her system but I assure you that it is quite practical to exploit.

Keep in mind too that this level of sophistication is not even necessary with the current Blue Pill prototype. She would have to get Blue Pill to the point where it was as good of a VMM as Xen or VMware ESX. That's no small task!

And the Slashdotters weighed in.

And that's Joanna's point. Properly constructed, Blue Pill 2 (the successor with full emulation support coded in--she herself admitted that her prototype is imperfect) would be undetectable by software running inside the VM. She discusses the possibility of a timing attack using an external clock, but also notes that this is infeasible in a large deployment. Certainly it would be infeasible for your average person running a computer (evidenced by the fact that some of them don't even run antivirus/antimalware programs at all and get horribly infected!)

I think that the danger here lies somewhere between "The end is very fucking nigh" and "This is absolutely nothing to worry about." Yes, it's extremely hard to implement. But that shouldn't mean we don't worry about it, because one implementation and it will be much easier to reverse engineer/modify to do other nasty things. Also, the eventual inability to detect in software means that if such an attack ever comes to pass, it will be extremely difficult to clean en masse (virtually requiring a reinstall or a livecd).

More on Hardware vs Software Virtualization

Last week I also talked about Keith Adams's and Ole Agesen's new paper on Hardware vs Software Virtualization. Slashdot also chewed on this for a bit.

I am 100% in favor of cheap and open solutions. But I don't agree that this will soon be the case for virtualization. VMWare and the few other major vendors do a lot more than software virtualization of a CPU (which is all TFA was talking about). To have a complete virtualization solution, you need to also virtualize the rest of the hardware: storage, graphics, input/output, etc. In particular graphics is a serious issue (attaining hardware acceleration in a virtual environment safely), which from last I heard VMWare were working hard on.

Furthermore, Virtualization complements well with software that can migrate VMs (based on load or failure), and so forth. So, even if hardware CPU virtualization is to be desired - I agree with you on that - that won't suddenly make virtualization as a whole a simple task.

(For the record, Keith would like to state that this was a research paper, not a white paper.)

On the Ultimate Virtual Appliance Challenge

And today they also surfaced a pointer to the winners of the Ultimate Virtual Appliance Challenge. We'll be covering this further on VMTN, but for now two of the winning teams chimed in there; here's a comment from the winning team:

As a coworker of the winning team, the main reason for doing an appliance version (apart from participating in this contest) was packaging. We actually do have a "native" windows port of the code (using python, pygtk etc.), and it's about 25 MB zipped when containing all the dependencies, of which there are really way too many to ask a random user to install so it all has to be packaged into the same thing, really.

The vmware image is about 72 MB bzip2-compressed which includes a stripped-down Ubuntu, X11 etc. And it runs on Windows, any random Linux distro that might have an old pygtk/cairo/whatnot that doesn't work with our code, OS X (with OS X vmware) out of the box. Nice even if you do lose some performance and run into issues inherent to virtualization (accurate timestamps and promiscuous mode inside the virtual machine are tricky and do have limitations!).

posted by jtroyer at: 17:35

Virtualization, Licensing, and Microsoft's "Windows Genuine Advantage"

ZDNet's Ed Bott and David Berlind are doing yeoman's work investigating Microsoft's increasingly visible Windows Genuine Advantage licensing validator and how that will interact with virtualization. Moving a virtual machine from one processor to another can set off a false positive piracy trigger. Here's David's "Ed Bott's WGA woes signal the big challenges with virtualization":

In fact, that very thing happened to me when I moved a Windows-based VM guest from an AMD-based system to an Intel-based system. This scenario introduces even more complexities into a WGA-like system since it seems perfectly reasonable to want to move VMs from one system to another to get your work done, particularly if a system has failed and you're simply using virtualization technology to recover from a fault. Or even if it has nothing to do with a fault. Let's say you're going on a trip somewhere and you don't want to haul your computer around with you. So, you put your entire VM on a USB-key along with virtual machine runtime (in VMware's world, this is called a "player" because you're literally playing the virtual machine the way you'd play a song) and you take your PC with you in your pocket. But, because of licensing technologies that are largely out of lockstep with technology, you're prevented from doing something that you should be allowed to do.

posted by jtroyer at: 17:01

Steve Herrod on upgrading, virtualization and the OS, and grid computing

Steve Herrod has a nice little interview in TechTarget's SearchServerVirtualization site. He covers upgrading to VMware Infrastructure 3 and virtualization's use in grid computing, but I thought this nugget on the relationship between the hypervisor and the operating system was quite insightful. This is a topic that Diane Greene has also spoken on.

Herrod: We believe that virtualization should be thought of along the lines of hardware. More specifically, we find that many of our customers treat it as a part of their compute and storage layer, thinking about it at hardware purchase time and expecting the same levels of reliability and performance. We also believe virtualization services should be independent of the operating system running within virtual machines.

Tight integration comes at the unfortunate cost of giving up a bias-free choice of operating system and thus the software stack (i.e., OS and application program). Customers who already have mixed software environments or who would like to have that option in the future will benefit from this lack of OS bias. And finally, tying the virtualization layer to an OS could push towards additional software dependencies.

Should you have to upgrade your virtualization layer if the guest operating system requires patching? We don't think so.

posted by jtroyer at: 16:54

Thu, 10 Aug 2006

Blogger? Going to VMworld?

Do you have a blog? Are you going to VMworld? If so, drop me a line (email jtroyer) or leave me a comment. I want to make sure that the conference is blogging-friendly -- in infrastructure onsite, in access, and on the web. Your input will be very much appreciated.

Thanks!

posted by jtroyer at: 17:03

VMware at LinuxWorld next week

VMware will be in force at LinuxWorld in San Francisco next week. Along with announcing the winners of the Ultimate Virtual Appliance Challenge, we'll have a booth and be speaking at a few sessions.

At the booth on the expo floor, you'll be able to take all 169 aforementioned Ultimate Virtual Appliance Challenge entries for a test drive, as well as check out the complete product line. Rotating presentations will include: "VMware Infrastructure 3: features and highlights," "Virtual Appliances: A new paradigm for solution-oriented software delivery and deployment," and "Business Continuity Through Virtual Infrastructure: Cost-Effective, Simple, and Reliable Solutions for Your Business." VMwarites will also be showing up in other booths, most notably giving some presentations in the theater of mothership EMC.

We will be speaking at two sessions:

And yes, there will be T-shirts.

posted by jtroyer at: 16:09 | | | permanent link

New paper on hardware, software virtualization

Steve Herrod points to a new paper by VMware's own Keith Adams and Ole Agesen that will be presented at the ASPLOS conference in October. The paper can be downloaded here.

Their paper, "A Comparison of Software and Hardware Techniques for x86 Virtualization," is the most detailed description of VMware's virtual machine monitor (vmm) available. It also examines the vmm implementation trade-offs as the CPU vendors directly support x86 virtualization with architectural extensions.

From the paper's abstract:

We find that the hardware support fails to provide an unambiguous performance advantage for two primary reasons: first, it offers no support for MMU virtualization; second, it fails to co-exist with existing software techniques for MMU virtualization. We look ahead to emerging techniques for addressing this MMU virtualization problem in the context of hardware-assisted virtualization.

Previous entries on Keith's blog: Intel quietly backing away from VT performance claims, VT Coverage: Predictable and Complete Confusion, VT hits the streets.

VMware continues to do cutting-edge research on virtualization. Our academic programs page collates our papers published to date.

posted by jtroyer at: 15:42 | | | permanent link

Blue Pill Poppers?

Although we've posted about hypervisor-based rootkits here before, recently some folks have been making a lot of noise about a "Blue Pill" partial prototype of same:

I'm no expert, but even from the titles of the articles, it seems like there might be some hype going on. Now, let's check in with some folks who are knowledgeable about virtualization and see what they have to say. (This is the fun part.)

Tom Yager of InfoWorld: Blue Pill is an attention-whoring non-threat, period

I can't believe I even have to address this.

The "Blue Pill" (BP) AMD Secure Virtual Machine (SVM) root exploit is a scam. It poses no threat to any PC secure from physical access and where administrative privileges are tightly controlled. There is no security hole in AMD's SVM implementation, and the method described by the hacker can be employed in exactly the same manner on an Intel CPU with Virtualization Technology (VT). What's more, the hacker's claim that BP cannot be discovered once it's in place is wishful hogwash. The very infection technique to which the hacker alludes (and that's all he does; there's no meat on those bones) can be used to discover and disarm the exploit.

Kurt Wismer at anti-virus-rants: the blue pill leaves a foul aftertaste

so imagine my surprise and disappointment to read that in order for anti-virus companies to get additional information they'll have to pay money... yes, that's right, av companies are expected to pay for access to malware... as if malware creators don't already have enough of a financial incentive these days... by paying for malware, anti-virus companies would be giving malware creators (academic or otherwise) more reasons to create even more malware... that is not something av companies should ever be contributing to as it makes them part of the problem rather than part of the solution...

Keith Adams of VMware: "Blue Pill" is quasi-illiterate gibberish.

I'm surprised at the hullaballoo surrounding the so-called "blue pill" pseudo-exploit. The non-exploit consists of a boot-loaded VT/SVM hypervisor that "undetectably" compromises your chain-loaded host. Recall with me the fundamental theorem of VT/SVM: "VT and SVM make nothing possible that was not possible before." VMware's pre-VT/SVM products are an existence proof.

This case is particularly hilarious, because "cloaking" a rootkit is actually harder to do with VT/SVM than with plain-jane, pre-virtualization x86 technology.

I told you that would be fun.

posted by jtroyer at: 11:55 | | | permanent link

Wed, 09 Aug 2006

Unplugged: VMware's Diane Greene podcast

From ZDNet's Between the Lines:

In this special edition of the Dan and David Show we interview VMware President Diane Greene. VMware just announced a future product designed to enable Mac OS X users to run multiple PC operating systems simultaneously without rebooting. David has been hot on the virtualization topic lately, and peppers Diane with questions about standards, hypervisor and operating system changes, Microsoft, Xen, Linux kernel patches, hardware-based virtualization and virtual appliances.

posted by jtroyer at: 15:15 | | | permanent link

Becoming an Oracle Master

Howard Rogers of Dizwell Informatics looks at VMware Server performance with Oracle in detail:

Every DBA and would-be DBA's best friend is (or ought to be) VMware. Running virtual machines means you can muck about (aka "experiment") with operating systems and Oracle configurations until the cows come home and still revert to a pristine state of fresh-installation-ness in a matter of seconds.

Until a few months ago, you had to pay for this flexibility, power and convenience, though: US$189, to be exact, which got you a licensed copy of VMware Workstation. Then the bizarre economics of competition kicked in, and VMware made their premium VMware Server offering available for absolutely nothing. (I say "bizarre economics" because I am still at a loss to understand why the Server version should be free and the theoretically less-capable Workstation version should still, to this very day, cost quite a lot of money).

Workstation is much more capable in virtual machine creation and management, with snapshots and linked clones. You can think of Workstation as the dev/test platform, with more features and richer APIs coming. Server is a great way to deploy virtualization cheaply and on a wide variety of hardware. ESX Server is the bare metal platform that has the scalability and manageability required for enterprise deployment.

VMware Server beta releases had their debug mode turned permanently on, which impacted performance. Now that it is released, performance for Server is the same as Workstation (which is as it should be, since it's built off the same codebase).

As far as I can tell, therefore, the free VMware Server product is finally as fast and as capable as the traditional (and costly) Workstation product. And whereas I have always wanted to be able to recommend Server because of its zero cost but have never been able to because of its awful performance, now I have no such caveats or reservations: VMware Server is now my strong recommendation as the virtualisation platform of choice, and future articles I write will reflect that.

Also, in another entry, How to become a Master of Oracle:

I was recently asked by a correspondent, "Do you have any tips for how a beginner like me can acquire a good and strong base in Oracle? Also what is the normal time it might take to master the same." Here's my reply:

Really, my only tips are: be precise, be thorough and test things out. Build simple test cases and actually test things! Take as little as possible on trust until you've done it for yourself and know (a) it does work that way and (b) why it works that way.
Slightly more practical tips: get VMware and start creating virtual Oracle Servers by the dozen. Having a virtual machine instead of a physical one means you are much more likely to be comfortable testing something to destruction. Mistakes become non-fatal!
Try and do Oracle on Windows **and** Linux. Learn Oracle, not an operating system. Know where Oracle on one style of platform differs from another (usually, there's not much in it, but you should be able to quantify the "not much")

And to that end, Tarry Singh is back with his RACing ahead with Oracle on VMware, Part 15: Creating database using DBCA on Redhat 4.2 Advanced Server. Go back to Part 1, follow along, and you too will soon be an Oracle Master.

posted by jtroyer at: 15:04 | | | permanent link

Mon, 07 Aug 2006

Love your Mac?

VMware's Director of Developer Products, Srinivas Krishnamurti, gives us the behind-the-scenes scoop on our new Macintosh product announcement today at Apple's WWDC:

We also agreed early on in the design process to make sure that your experience of running a virtual machine is very close to native, in terms of performance and use of hardware/devices. To that end you will notice excellent performance when running a virtual machine on OS X. Since most Macs now have Intel's Duo with two cores, we added Virtual SMP capabilities so that you can assign more than a single CPU to any virtual machine to gain additional performance. One of the cool things that I like about my Apple (albeit an older one with PowerPC chip) is the simplicity of doing any multi-media work. I can record movies or use iChat quite easily without the need to buy additional software. We wanted to make sure you have access to all those devices from your virtual machine as well so we spent a lot of time on making sure devices work well. You can use USB 2 devices like video cameras, etc.

Register for early access to the beta.

posted by jtroyer at: 08:00 | | | permanent link

Fri, 04 Aug 2006

Remaindered Links: Aug 4, 2006

Friday catches up to us again:

posted by jtroyer at: 18:35 | | | permanent link

Win a copy of "Advanced Server Virtualization"

Dave Marshall, of Surgient, VMblog, and InfoWorld Virtualization Report fame, and his colleague and co-author, Wade Reynolds, are holding a webinar. Attendees will get a chance to win a copy of their book, Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center. Dave and Wade have been in the virtualization game for years, and know their stuff. The book has been well-received, and I'm sure the webinar will be worthwhile as well.

More information about the webinar is here.

posted by jtroyer at: 18:02 | | | permanent link

VMware, Xen, and Linux paravirtualization

Steve Herrod talks about paravirtualization in his latest blog entry:

First and foremost, some have implied VMware is trying to slow down virtualization competition in the Linux space. This couldn't be further from the truth. In fact, we're extremely motivated to accelerate the industry to a generally accepted, technically sound, and open approach to paravirtualizing Linux as soon as possible. The motivation for proposing VMI as an alternate approach to Linux paravirtualization was to help ensure that Linux gets a sustainable, customer- and ISV-friendly set of interfaces. We think this is in the best long-term interest of the community. Obviously we're also quite interested in making sure that Linux's paravirtualization implementation is independent of any specific hypervisor implementation allowing VMware, Xen, and others to compete in this space. Virtualization competition is good for the customers and for Linux's continued growth.

posted by jtroyer at: 17:50 | | | permanent link

vThere - A Second Look

Bob Roudebush gives an overview of vThere from Sentillion, a solution aimed at mobile and remote workforces and built on VMware Player.

The vThere team's assertion is that a standardized virtual desktop is easier to deploy and manage in a distributed environment and allows for better security as it is not susceptible to the same sorts of attacks that plague physical desktops - i.e., the VM isn't exposed to the physical network (a VPN connection is established) and the virtual machine makes doing things like capturing the physical host's keystrokes difficult. Part of the first assertion regarding management is supported by the two other parts of the vThere solution - the vThere.NET service and the vThere Image Creator.

(via virtualization.info)

posted by jtroyer at: 13:24 | | | permanent link

Disclaimer

The postings on this site are the individual poster's and do not represent VMware's positions, strategies or opinions.