Forensic Analysis with VMware and SMART

Just found an interesting article titled: Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect’s Computer.

In the introduction the author, Ernest Baca, says:

Since beginning my endeavors with computer forensics, I have always wanted the ability to boot up a suspect’s computer just to see what the user saw when he was using the computer. So many times I have done computer forensic exams in which proprietary software is used. Simply looking at directory structures sometimes just doesn’t cut it. Also, how many times did I make case agents go out and buy accounting software in order to run the target’s data, not to mention figuring out which files to extract.

The old method of booting the target’s machine consisted of cloning the target’s drive with Safeback, then installing it into a sterile computer or the suspect’s computer. I never liked the former method because of hardware issues and I never liked the latter because I like to touch the target machine as little as possible. All this hassle, not to mention I would still have to image the suspect’s computer again in order to do my forensic examination.

Is there a solution? I have found a solution that simplifies and speeds up the process. I am utilizing Linux, VMware for Linux, and SMART. Just what is Linux, VMware for Linux, and SMART? Well, as you all know, Linux is an operating system. What few people realize is just how powerful this operating system is when it comes to computer forensic work. VMware for Linux is a software package that enables you to create a virtual computer within your Linux operating system. SMART is a graphical computer forensic tool written for the Linux operating system. Why SMART? You will see later in this paper when I discuss the imaging capabilities of SMART. These capabilities make it probably the best imaging tool I’ve seen to date, not to mention the computer forensic tools built in to SMART.

I will present a step-by-step procedure on how to create a virtual computer out of your suspect’s machine and image your suspect’s machine at the same time for forensic analysis. It’s a system I call SMART Forensics.

Read the whole paper here.

Virtual PC 2004 vs. VMware 4.0 Performance Review

Finally someone took this great step 🙂

Bink.nu reports:

A simple performance comparison between two well-known “virtualization” software packages, both commercial: Virtual PC 2004 and VMware Workstation 4.0. Both virtual machines were configured with a 1024x768x32 desktop resolution, Windows 98 SE and 256 MB RAM.
The test system hardware is as follows:

AMD XP 2600+ (1.92GHz), 333MHz FSB, 512k L2 cache (Barton)
nForce2 Ultra400 Based board (Abit NF7-S 2.0)
1024 MB RAM, DDR 333MHz
40GB WD hard disk
GeForce 4 MX, 64MB DDR AGP video card
Windows XP, Service Pack 1

Here is the interesting comparison!

Self-made Physical to Virtual (P2V) migration with VMware

VMware itself (and other third party vendors) offers a tool called P2V Assistant to move a working OS from a physical machine to a virtual one without having to deal with a different HAL. Great, but this jewel can cost up to $15.000…

Do you need P2V migration but can’t budget so much? No problem: a couple of very active VMware newsgroup users developed a self-made method and published it. I copy and paste it here for you all, but remember: I haven’t tried it yet and I cannot assure you it works.

Let’s start:

Overview:

This document lists steps required to create a virtual machine in VMWare
from an existing physical machine. These instructions were originally
written for the VMWare ESX Server product, but have been tested and verified
by the writer on one single conversion in VMWare Workstation v4.0. The
information herein was originally found on the VMWare newsgroup
(news.vmware.com) under the ESX Server product in a thread that begins with
“Norton Ghost.” There is still some valuable information out there if the
reader wishes to do more research. Original instructions called for using a
“Ghost cast floppy via x-over” to create and restore the image of the
physical machine. However, this document will go from the perspective of
having a ghosted image on CD or DVD, which is how we image our systems for
duplication. The process is described in summary below, and subsequently in
full detail. Note that the writer makes no guarantees as to the accuracy of
the information herein, but is simply communicating how this has worked on
one occasion.

————————————
————————————

High-level Process Overview:

1. Obtain a bootable CD or DVD that contains the image you wish to
convert.

2. Create a new MS-DOS virtual machine of the correct size (i.e., at
least the same size as the physical partition that was Ghosted) and boot it
from the Ghosted CD or DVD.

3. Restore the Ghosted image to your new virtual machine.

4. Configure another virtual machine with the same operating system as
the one you just restored from the Ghosted image.

5. Boot another virtual machine with the same operating system as the
one you just restored from the Ghosted image.

6. Boot the virtual machine you just created.

————————————
————————————

Detailed Instructions:

These instructions assume that a Ghosted image already exists on a bootable
CD or DVD. You will also need an existing virtual machine with the same
operating system as the image you wish to convert. For example, if you have
an image of Windows 2000 Advanced Server, you will need an existing
installation of Windows 2000 Advanced Server on VMWare. In addition, this
assumes that the image you are converting has been created with an IDE
drive. Converting SCSI drives is very complicated and not within the scope
of this article. Please read and execute these instructions carefully, as
each step within depends on successful completion of the previous step!

————————————

1. Obtain a bootable CD or DVD that contains the image you wish to
convert.

————————————

2. Create a new MS-DOS virtual machine of the correct size and boot it
from the Ghosted CD or DVD.

2.1. Start VMWare

2.2. Go to the File menu, choose New, then New Virtual Machine and click
Next.

2.3. Click Custom, then Next.

2.4. Under Guest Operating System, choose MS-DOS. This is important
because VMWare will look at this virtual machine as an IDE drive. Again,
attempts to convert a SCSI image did not work in this scenario. I am not
sure why.

2.5. Under Virtual Machine Name, choose a name for the virtual machine you
will ultimately be using after conversion.

2.6. Next, choose how much memory you wish to allocate to the virtual
machine you will ultimately be using after conversion. Note that these
numbers can be changed by the individual user based on how much memory they
will use keeping in mind how much physical RAM they have.

2.7. Click Next.

2.8. Under Network connection, choose Use bridged networking and click
Next.

2.9. Click Create a new virtual disk and click Next.

2.10. Under Specify Disk Capacity, you need to specify,
in gigabytes, how large to make the new disk. Note that you need to make
the disk size at least as large as the image you are about to restore, and
also need at least as much free space as you specify to allocate.

2.11. Click Allocate all disk space now and click Next. A
warning message will appear asking if you’re sure that’s what you want to
do. Be sure you have enough free space to create that size of a file.

2.12. Click OK to clear the warning message and allocate
the disk space.

————————————

3. Restore the Ghosted image to your new virtual machine.

3.1. With the virtual machine powered off, place the DVD or CD with the
image you want to restore into the DVD drive.

3.2. Boot the virtual machine.

3.3. Follow the instructions onscreen to boot from the CD/DVD ROM drive.

3.4. Follow the instructions to restore the image from CD/DVD onto the
virtual hard drive.

3.5. When imaging is complete, shut down the virtual machine and remove
the CD/DVD from the drive.

————————————

4. Configure another virtual machine with the same operating system as
the one you just restored from the Ghosted image (assumes you already have
another virtual machine with the same OS installed).

4.1. In VMWare, select the virtual machine that has the same operating
system as the one you just restored from Ghost.

4.2. Go to the Edit menu and choose Virtual Machine Settings.

4.3. Click the Add button and click Next.

4.4. Choose Hard Disk and click Next.

4.5. Click Use an existing virtual disk and click Next.

4.6. Use the Browse button to navigate to the VMDK file for the image you
created. For example My Data\My Virtual Machines\Test\Test.vmdk.

4.7. Click OK. The new virtual hard disk will be added.

————————————

5. Boot another virtual machine with the same operating system as the
one you just restored from the Ghosted image. This will allow you to add
the appropriate HAL.DLL file to the virtual machine, thus enabling it to
boot in VMWare.

5.1. Boot the virtual machine to which you just added the new virtual hard
disk.

5.2. Log into the virtual machine as an administrator.

5.3. On the Windows desktop, right-click My Computer and choose Manage.

5.4. Click Disk Management. You should see a disk in the right window
pane for the virtual hard drive you just added.

5.5. Right-click the new hard drive and choose Change drive letter and
paths.

5.6. Assign a drive letter to it (e.g., Z:).

5.7. In the virtual machine you are currently running, navigate to the
system drive\WINNT\system32 folder.

5.8. Search for the HAL.DLL file and copy it to the clipboard.

5.9. Navigate to Z:\WINNT\system32.

5.10. Rename the existing HAL.DLL there to HAL.dll.old.

5.11. Paste the HAL.DLL from the currently running
virtual machine in the Z:\WINNT\system32 folder.

5.12. Go to the Start menu and choose shut down to turn
off the virtual machine.

————————————

6. Boot the virtual machine to which you just created and copied the
appropriate HAL.DLL file. At this point, the virtual machine you created
from the Ghosted image should boot correctly with a minimum configuration
(i.e., no sound, 640×480 resolution, etc.). From here, you will need to
install the VMWare tools in the new operating system.

6.1. In VMWare, select your new virtual machine.

6.2. Go to the Edit menu and choose Virtual Machine Settings.

6.3. Click the Options tab.

6.4. Under Guest Operating System, change it to read the correct OS you
restored from the ghosted image (e.g., Windows 2000 Advanced Server). This
is very important, as the next steps will not work properly if you choose
the wrong OS.

6.5. Click OK.

6.6. Click Start this virtual machine.

6.7. Give the virtual machine time to boot and log in as an administrator.

6.8. If you see any plug and play messages at this point telling you to
install new hardware, ignore them.

6.9. Once the machine is booted and the new hardware messages are gone,
go to the File menu in VMWare and choose Install VMWare Tools.

6.10. Follow the instructions to complete the
installation of the VMWare Tools. This will tell the operating system which
virtual hardware drivers to use so it can talk to the host operating system.

6.11. After the installation of the VMWare tools, you
will be prompted to restart. It is a good idea to do so at this point.

6.12. Once restarted, you may do any additional
configuration and testing of the new virtual machine.

Woooooo!
I would love to receive some feedback: please post your comments here about this method.

VERITAS Cluster Server Makes VMware Highly Available

Directly from the 19 January announcement:

VERITAS Software Corporation (Nasdaq: VRTS), the leading storage software provider, today announced expanded Linux platform support for SUSE LINUX and VMware.

VERITAS Cluster Server™ is now available for VMware ESX Server, providing customers the first high availability option for VMware. Combining clustering, core storage management and server provisioning technologies, VERITAS delivers the fundamental building blocks for utility computing with heterogeneous availability, performance and automation software on all platforms, including Linux.

VERITAS Cluster Server is the first clustering software to make VMware ESX Server hosts and virtual machines highly available. VMware allows multiple instances of Linux, Red Hat or SUSE LINUX, Microsoft Windows and Novell Netware to run on a single Intel x86-based server. VERITAS Cluster Server for VMware can monitor each of the virtual machines within the VMware ESX Server and fail over any of the machines to another node in the cluster, or to an entire server in the event a server fails.

For new customers, pricing for VERITAS Cluster Server for VMware starts at US $1,995 per Linux client.

Intel working on hardware virtualization: codename Vanderpool

Taken from a CNet article:

The Santa Clara, Calif.-based chipmaker wants to take advantage of the huge number of transistors on the microprocessors coming out in the next few years. The company plans to produce chips with two or more processor cores–the calculating engine inside a chip–and make chips that can function as two processors, company President Paul Otellini said Tuesday morning at the Intel Developer Forum here.

A chip technology that will be available within five years, code-named Vanderpool, will allow users to partition the processor inside their computers. In a demonstration, Otellini used a PC to beam an episode of “The Simpsons” to a plasma TV, while another Intel executive booted and rebooted a game with the same machine.

“What we are doing is creating virtual machines inside the microprocessor,” Otellini said. “You can run multiple versions of Windows or different operating systems.”

Conversely, Intel will release Montecito, an Itanium chip that will be Intel’s first dual-core processor, in 2005 and follow it with Tanglewood, a future version of the Itanium family of chips for servers that will contain multiple cores.

The dual-core concept also will show up in the Xeon line in the form of Tulsa, which will be released in about three years. Xeon is based on the traditional x86 architecture, which differs from the Itanium architecture.

Yeah, I know it’s old news, but it was never reported before in my blog, so here it is.

VMware Workstation 4.1 changed in 4.5 and entered RC1 phase

Even if I’m not allowed to talk about beta products (you know… NDA agreements as usual), sometimes VMware users help me by disclosing information 🙂

This time a post that appeared in the vmware.for-windowsnt.experimental newsgroup publicly reveals that the Workstation product has entered the RC1 phase (build 6979). The user who posted this info also refers to the product as Workstation 4.5 and not 4.1 as expected. So probably VMware decided that so many changes were in place that the final product should be relabeled.

Anyway, be ready: the gold version is coming!

Microsoft Virtual PC 2004 45-day Free Trial Edition

Do you have these system requirements?

Processor: Athlon®, Duron®, Celeron®, Pentium® II, Pentium III, or Pentium 4
Processor speed: 400 MHz minimum (1 GHz recommended)
RAM: depending on how many guest OSes you would run
Available disk space: depending on how many guest OSes you would run
Other: Level-2 cache and CD-ROM required
Operating System: Windows 2000 Professional, Windows XP Professional, and Windows XP Tablet PC Edition

Then you can download it here and try for yourself how good Microsoft virtualization technology is.
Consider also reading the evaluation guide.

Excel tool to manage Microsoft Virtual Server

Well, you know, Virtual Server isn’t released yet, but the Microsoft community is already very active around it. I cannot disclose much about it, since the NDA of the beta program obliges me not to.

What is important to say here is that Virtual Server will require some OS components to let you administer virtual machines. This could be problematic for some of us, or simply unwanted.
This is the case for a current Virtual Server beta tester, Andrey Slanin, who created and publicly distributed a great Excel tool to replace the official Microsoft VM management. You can grab it here.

As of today I don’t know if it also works with Virtual PC 2004. Andrey will inform me once he has tried it or eventually adapted it. Meanwhile you could just try it yourself 🙂

P.S.: all authorizations from Microsoft and Andrey were obtained before writing this post.

Running FreeBSD 5.2 RELEASE on VMware Workstation

FreeBSD 5.2 RELEASE has just been released, and if you want to install it on a VMware Workstation virtual machine (I tried on version 4.0.5) you’ll need a little hack to make it work.

After defining a new VM with the default FreeBSD settings, don’t start it; leave it powered off. Now open the newly created .vmx file and add this line at the bottom:

monitor_control.disable_apic = "TRUE"

Now you can install and run it without further problems. Thanks to Joe Landers for this trick, posted on the vmware.guest.misc newsgroup.
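If you have to apply the trick above to more than one virtual machine, here is a small helper (an added example, not code from the post or from VMware) that sets a key in a .vmx file exactly once, replacing an existing line for that key or appending it at the bottom as the post says. The sample .vmx content is constructed for illustration; the key names in it are standard VMX keys, but the values are made up.

```python
import re

# A .vmx file is plain text made of `key = "value"` lines; this pattern
# captures the key and the quoted value of such a line.
VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"(.*)"\s*$')


def set_vmx_option(vmx_text: str, key: str, value: str) -> str:
    """Return vmx_text with `key = "value"` present exactly once.

    Keys are compared case-insensitively. An existing line for the key is
    rewritten in place and later duplicates are dropped; if the key is
    absent, the line is appended at the end, where the post adds it.
    """
    out, found = [], False
    for line in vmx_text.splitlines():
        m = VMX_LINE.match(line)
        if m and m.group(1).lower() == key.lower():
            if found:  # a duplicate of a key we already emitted
                continue
            out.append(f'{key} = "{value}"')
            found = True
        else:
            out.append(line)
    if not found:
        out.append(f'{key} = "{value}"')
    return "\n".join(out) + "\n"


def get_vmx_option(vmx_text: str, key: str):
    """Return the quoted value of `key`, or None if the key is not set."""
    for line in vmx_text.splitlines():
        m = VMX_LINE.match(line)
        if m and m.group(1).lower() == key.lower():
            return m.group(2)
    return None


# Constructed, abridged sample of a freshly created FreeBSD VM's .vmx file.
SAMPLE_VMX = '''config.version = "7"
virtualHW.version = "3"
displayName = "FreeBSD 5.2"
guestOS = "freebsd"
memsize = "128"
'''

if __name__ == "__main__":
    # Apply the FreeBSD 5.2 workaround from the post to the sample file.
    patched = set_vmx_option(SAMPLE_VMX, "monitor_control.disable_apic", "TRUE")
    print(patched)
```

Running the function a second time on its own output leaves the file unchanged, so it is safe to use from a script that touches many VMs.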