VMware Workstation gdk-pixbuf path searching vulnerability

A new vulnerability appears to affect VMware's best-known product, allowing privilege escalation:


Tavis Ormandy has discovered a vulnerability in VMware Workstation, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to VMware Workstation searching for gdk-pixbuf modules in a world-writable directory. This can be exploited via a malicious module to execute arbitrary code with the privileges of the user running VMware Workstation.

Successful exploitation requires that gdk-pixbuf is not installed on the system.

The vulnerability has been confirmed in version 4.5.2 (build 8848). Other versions may also be affected.
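
The condition the advisory describes, a module search directory that other local users can write to, can be checked for on the defender's side. The following is an added example, not code from the advisory or from VMware; the advisory does not name the directory, so the paths, the `audit_entry` helper and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_entry(entry, root="/"):
    """Return (directory, reason) findings for one module search-path entry.

    Walks from the entry up to `root`, because a loader that trusts a
    directory also trusts everyone who can write to or replace it.
    """
    findings = []
    path, root = os.path.realpath(entry), os.path.realpath(root)
    is_entry, child_exists = True, True
    while True:
        if os.path.isdir(path):
            mode = os.stat(path).st_mode
            if mode & stat.S_IWOTH:
                if is_entry:
                    findings.append((path, "search directory is world-writable"))
                elif not child_exists:
                    # Sticky bit does not help: anyone may create the missing child.
                    findings.append((path, "world-writable parent of missing directory"))
                elif not mode & stat.S_ISVTX:
                    # Without the sticky bit the child can be renamed and replaced.
                    findings.append((path, "world-writable ancestor without sticky bit"))
            child_exists = True
        else:
            child_exists = False
        parent = os.path.dirname(path)
        if path == root or parent == path:
            return findings
        path, is_entry = parent, False


def demo():
    """Build a constructed directory tree and audit three sample entries."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")  # stands in for a /tmp-like directory
    safe = os.path.join(base, "safe", "modules")
    os.makedirs(shared)
    os.makedirs(safe)
    os.chmod(shared, 0o1777)
    os.chmod(os.path.join(base, "safe"), 0o755)
    os.chmod(safe, 0o755)
    entries = {
        "writable": shared,
        "missing": os.path.join(shared, "loaders"),  # deliberately not created
        "safe": safe,
    }
    return {name: audit_entry(p, root=base) for name, p in entries.items()}


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found or "ok")
```

In real use, pass the directories a program actually searches for loadable modules and leave `root` at its default so every ancestor is checked.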

HP launches the ProLiant Essentials Server Migration Pack

Alongside its new ProLiant server line, HP has launched the ProLiant Essentials Server Migration Pack, a tool that eases the virtualization of physical servers.

Quoting from the official page:


The ProLiant Essentials Server Migration Pack radically simplifies server consolidation projects. Server Migration Pack (SMP), a companion product to the Virtual Machine Management Pack, automates the manual processes required for a physical server to virtual machine (P2V) migration. SMP raises the bar on P2V automation, so that a typical migration process can be completed in a matter of minutes. The SMP’s advanced migration technology also provides the ability to support virtual machine to virtual machine (V2V) conversions. V2V provides the ability to convert Virtual Machines between different underlying virtualization layers including: VMware ESX / GSX and Microsoft Virtual Server.

Systems Insight Manager and the ProLiant Essentials management software provide a complete tool set for server consolidation projects. Using HP SIM and the Performance Management Pack, users can easily identify underutilized servers in the datacenter that are candidates for consolidation. Once these systems are identified, SIM and the Server Migration Pack provide an easy to use physical to virtual (P2V) migration capability.

Four Key Features

– Systems Insight Manager Integration
Enables all operations required for P2V or V2V migrations to be accessed from the SIM console

– Automated P2V
Automates the migration of physical servers into VMware ESX/GSX or Microsoft virtual machines

– Automated V2V
Automates the conversion of Virtual Machines between VMware ESX & GSX and Microsoft Virtual Server virtualization layers

– Peer to Peer Migrations
Accelerates the migration process and enables the ability to perform multiple P2V migrations concurrently

– No boot CD required
Simplifies migrations with hands-off approach

Virtual Iron uncloaks its virtualization platform

Quoting from Computer Business Review Online:


The Acton, Massachusetts-based company has recently appointed a new chief executive and changed its name from Katana Technology Inc, as it looks to carve a niche for itself in the data center virtualization market.

Its VFe technology has been under development since 2003 and combines the concepts of bare metal provisioning, server virtualization as practiced by the likes of EMC Corp subsidiary VMware Inc and SWsoft Inc, and clustering and grid technologies.

“We saw those three areas and we wanted to write a single environment that had the attributes of those three separate areas in a single environment,” Virtual Iron founder and chief scientist, Alex Vasilevsky, told ComputerWire. “It’s a virtual computing platform that is decoupled from the underlying computing infrastructure.”

The company differentiates itself from virtual server suppliers like VMware and SWsoft by the fact that its VFe technology enables the creation of virtual machines that span multiple servers and automatically handle workload management between them.

According to Virtual Iron, the building blocks for VFe are x86 processor-based hardware and Infiniband switching fabric. VFe installs the Virtual Iron Foundry layer directly on the hardware to create the virtual computing environment, which can span up to 16 physical servers and manage up to 128 virtual computers.

The technology will support Linux when it is generally available in the second quarter, with other operating systems due to be supported as and when they are demanded by customers. Support for 64-bit processors will also be added later in the year.

Vasilevsky said the beta program for the VFe technology had tested it for its three core attributes: peak load handling without disrupting applications, hardware or services, data center consolidation, and business continuity, although he also maintained “at the end of the day this is a general purpose platform.”

Server virtualization is expected to come to the fore in 2005 as Intel Corp debuts its Vanderpool virtualization technology for IA-32 and IA-64 processors, making it easier to create and manage virtual machines.

Additionally, both Red Hat Inc and Novell Corp are expected to include the open source Xen virtualization technology in future versions of their Linux distributions, although no concrete plans have been announced.

Vasilevsky dismissed the impact that the inclusion of Xen could have on its plans to virtualize Linux environments, differentiating VFe from single server virtualization technologies such as Xen and VMware’s GSX Server and ESX Server products.

“It’s two different technologies,” he said. “That’s really taking a single server and carving it up. Single server virtualization we believe will commoditize in two years.” He welcomed Intel’s developments however. “We love hardware platforms coming to market as it enables us to do more,” he said.

Virtual Iron changed its name in January as it appointed John Thibault as president and CEO and confirmed its existing $20m investors as Goldman Sachs, Highland Capital Partners, and Matrix Partners.

Earlier this month it also announced its membership of the Open Source Development Labs Linux promotion consortium and the establishment of an advisory board including Red Hat Inc’s VP of North American sales, Billy Marshall, president of US sales for Sun Microsystems Inc, Richard Napolitano, and former vice chairman of Novell Inc, Chris Stone.

The advisory board also includes experts in computer science, distributed computing systems, and clustering, and will provide consultancy in developing company strategy and technology direction.

VMware going to change its certification exam

VMware is preparing a new certification exam for the VMware Certified Professional (VCP) track.
The current exam, VCP-101, will be renamed VCP-101E; its content and questions will not change. The new exam will be introduced on 25th February and will be labelled VCP-101V, adding questions about VirtualCenter and VMotion. To take this exam, candidates will need to attend the new official Virtual Infrastructure course.

At the end of April the old VCP-101E will be retired, completing the migration, but professionals currently certified under VCP-101E will not be obliged to retake the exam.

VMware Workstation 5.0 expected for March

VMware has notified VIP partners that the public announcement and general availability of Workstation 5.0 are expected in March 2005, along with a lot of related marketing programs to help customers embrace the new release.

Workstation 5.0 is currently the most complete and powerful virtualization product on the market, and customers, having applied to the beta program, are waiting impatiently for it.

Virtual Iron Software planning a serious market startup

Formerly Katana Technologies, Virtual Iron Software is making some interesting moves to position itself as the only true VMware competitor on the market. Neither Xen (at least until the project is able to virtualize Microsoft operating systems) nor Microsoft is currently able to provide a virtualization solution as complete as the one VMware has offered for years.
The upcoming Virtual Iron product, Real-Time Infrastructure (RTI), claims to be able to compete with VMware products, and the company has already made some important moves to support this announcement.

Quoting from Linux Business Week:


Chris Stone, late vice-chairman of Novell responsible for its acquisition of SUSE and Ximian, has surfaced on the shiny new advisory board of Virtual Iron Software Inc, a start-up virtual computing platform outfit in Acton, Massachusetts that has also joined OSDL intending to participate in its Data Center Linux working group.

Virtual Iron says it’s going to deliver an enterprise-class virtual computing platform that enables what it calls a Real-Time Infrastructure (RTI) for rapid resource deployment, lower TCO and freedom from proprietary lock-in.

It claims it can virtualize anything from a fraction of a processor to large-scale multiprocessors. It’s supposed to show off what it’s got at the upcoming Demo and LinuxWorld shows next week.

The company was founded in 2003 under the name Katana Technology Inc by chief scientist Alex Vasilevsky, a grid pioneer and Thinking Machines veteran, along with CTO and head of business development Scott Davis, the former CTO of Mangosoft who in his youth was technical director of DEC’s VAXCluster, VMS Volume Shadowing and DEC’s NT clustering technology.

They think they can “reinvent how server technology is utilized in the data center.” Evidently so do Highland Capital Partners, Goldman Sachs and Matrix Partners, which stuffed $20 million in the company.

Virtual Iron has itself a new CEO and president, John Thibault, who previously held the same offices at GeoTel Communications Corporation, the call-center software house that Cisco acquired for $2 billion in 1999 after Thibault took it public. Thibault, who ran for state senator in November and lost, took over from Davis last month.

Besides Stone, Virtual Iron’s glittery advisory board includes Steve Beckhardt, a former IBM distinguished engineer who as co-founder of Ray Ozzie’s Iris Associates helped develop Lotus Notes and Domino and at DEC was a principal architect of the seminal VAXCluster; Dr John Carter, University of Utah professor and researcher into memory coherence, scalable data management and large-scale multiprocessor architectures; Dr Charles Leiserson, MIT professor and head of MIT’s Computer Science and Artificial Intelligence Lab’s Supercomputing Group; Billy Marshall, Red Hat’s former VP of North American sales; and Richard Napolitano, the former CEO of Pirus Networks, the storage virtualization start-up Sun acquired for N1. Napolitano is now president of US sales for Sun.

These guys are supposed to guide the start-up’s marketing strategy and technical direction, advising on partnerships and customer requirements.

Quoting from the official announcement:


The Open Source Development Labs (OSDL), a global consortium dedicated to accelerating the adoption of Linux, today announced that Virtual Iron has joined OSDL and will participate in the lab’s Data Center Linux (DCL) working group.

Founded in 2003 by computer industry innovators Scott Davis and Alex Vasilevsky, Virtual Iron Software will deliver an enterprise-class virtual computing platform enabling customers to implement a Real-Time Infrastructure (RTI) – creating more flexible, rapid resource deployment and significantly lowering total cost of ownership and ensuring that enterprises are not locked into proprietary architectures and solutions. Based on open standards, this innovative software platform dynamically creates “virtual servers” from any number of physical servers – from a fraction of a processor to large-scale multi processors.

“Linux continues to gain momentum and market share in the corporate datacenter and we are committed to working with the open source community to further its acceptance,” said Scott Davis, executive vice president, CTO, Virtual Iron Software. “We believe that our experience in building a comprehensive virtualization platform specifically for Linux will provide valuable benefits back to OSDL and we look forward to joining with the Data Center Linux working group to further advance adoption of Linux in the enterprise.”

“As enterprises move from legacy systems to Linux servers at the core of the network, OSDL will benefit from the expertise of enterprise infrastructure software companies,” said Stuart Cohen, CEO of OSDL. “We’re delighted that Virtual Iron is joining OSDL and we are eager to work with their team.”

I hope someone from Virtual Iron is reading my blog and would contact me for an early technology preview.

Egenera Releases BladeFrame 4.0

Quoting from BusinessWire:


Egenera Inc., a global leader in utility computing, today announced Release 4.0 of its Egenera BladeFrame system, strengthening the Company’s leadership in datacenter virtualization and utility computing.

“As always, the primary driver for the functionality in this release was input from our world-class customers,” noted Vern Brownell, founder and CTO, Egenera. “The Egenera BladeFrame system’s unique high availability and utility computing solutions have both been expanded with Release 4.0, which we believe further extends our 18-24-month market lead. Our continued focus on driving complexity out of the datacenter is also evident, with an enhanced graphical user interface and the ability to dynamically change server characteristics in seconds.”

Leveraging the richness of the Processing Area Network (PAN) architecture, Release 4.0 extends the Egenera BladeFrame system’s adaptability and utility computing capabilities, including:

Modification of Running Servers: Customers are now able to modify the configuration of a running server on the fly–without shutting down, interacting with hardware, interrupting service or impacting the user. In seconds, and entirely through software, a system administrator can add, remove or change the properties of Ethernet ports, disks and DVD drives; modify a server’s failover policy; alter boot characteristics; and change a server’s name/description. These enhancements compress the time required to modify datacenter infrastructure, speeding time to market for new or enhanced applications.

Virtual Machine Management: Release 4.0 enriches the synergy between the Egenera BladeFrame and VMware GSX Server virtual machine (VM) technology. Since VM functionality is often used to run multiple applications on a single server, it is imperative that the server be highly available. Without impacting running systems, the BladeFrame now provides seamless, automatic failover of virtual machines–functionality uniquely enabled by the PAN architecture. Moreover, the BladeFrame system’s I/O consolidation eliminates the need to cross-connect and/or cross-configure multiple servers to external storage, which is required to achieve failover with other products.

Chargeback: With Release 4.0, the Egenera BladeFrame captures detailed configuration information into an industry-standard XML format. This flexible approach enables customers to specify precise timeframes for collection and to choose the best-of-breed chargeback application that meets their individual requirements. Coupled with the BladeFrame’s repurposing and N+1 high availability, chargeback enables an end-to-end utility computing solution.

Enhanced Multicast: With Release 4.0, Egenera has improved the BladeFrame system’s native distributed multicast performance by up to 9x, providing the performance enterprise customers need to maintain and extend their competitive advantage.

Open Standards: With Release 4.0, the Egenera BladeFrame provides support for standard SCSI-II reservations, enabling customers to run products such as Microsoft Cluster Server while eliminating the SCSI-II reservation requirement from back-end storage devices. Likewise, users now have access to native support for EMC PowerPath. Egenera’s commitment to open standards enables customers to leverage industry-leading technologies from within the BladeFrame’s utility computing environment.

Enhanced GUI: Egenera has enhanced the BladeFrame graphical user interface (GUI) to be simpler, more useable and more intuitive. Cleaner page views, fewer clicks and graphical representation of system objects hide complexity from users, speed administrative tasks and improve system performance. The enhanced GUI enables datacenters to do more with fewer, less-skilled IT personnel, lowering ongoing operational costs.

Commercial availability of Egenera BladeFrame Release 4.0 is effective immediately

Interview with Alexander Grechishkin of Guest PC

OSNews interviewed Alexander Grechishkin, CEO of Lismore Software Systems, which has just entered the virtualization market and is competing with Microsoft on the Mac platform:


Today we feature a mini-interview with Alexander Grechishkin, CEO of Lismore Software Systems, Ltd. The company came to spotlight recently after their release of their x86 emulator for Mac OS X, Guest PC. We also include three screenshots of the application.

OSNews: Is Guest PC written from scratch, was it ported over from OS9 or does it use another engine (e.g. Bochs)?

Alexander Grechishkin: Lismore Software Systems was one of the companies that released a PC emulator for Macintosh. Our product, Blue Label Power Emulator for classic Mac OS, was released a little bit later than the one by Connectix and Insignia in 1996. Guest PC is a fully rewritten emulator based on the Blue Label. We had lots of feedback and recommendations from our users, and we have changed our product so that it would meet users' requirements.

OSNews: What are the main features of GuestPC and what are its advantages over Microsoft’s solution?

Alexander Grechishkin: Our competitor is Virtual PC standalone version, comparing to it I would say:

– our emulator is bundled with a preinstalled DOS
– we have a built-in Windows setup assistant that allows to easily install Windows
– officially we support all Windows versions, unlike VPC, which supports Windows XP and 2000 only
– our price is more adequate – $69.99 vs. $109.99
– we have a more reasonable upgrade policy: to upgrade to Guest PC from any BLPE you will pay 34.99, not $77.99. Moreover, the following Guest PC version will be free for our customers.

OSNews: What are the system requirements of Guest PC? What is its price?

Alexander Grechishkin: Guest PC only requires Mac OS 10.3 or later, no other limitations. Guest PC is available at $69.99.

OSNews: What operating systems are supported? Have you tested with Linux or FreeBSD?

Alexander Grechishkin: Officially now we support all Windows versions, some Linux versions will run, however we do not support them in the full volume.

OSNews: Do you have plans to port your emulator to Linux for PPC?

Alexander Grechishkin: We are not going to port the emulator to Linux PPC; however, some time ago we had negotiations regarding this issue.

Linux 2.6 kernel to include Xen

Quoting from CRN:


A forthcoming update to the Linux 2.6 kernel will incorporate the Xen open source virtualization technology, said the man who maintains the Linux kernel.

At the Enterprise Linux Summit, Andrew Morton — Linus Torvalds’ right-hand man and maintainer of the Linux kernel for the Open Source Development Labs (OSDL) — said he will incorporate the Xen virtualization code “in the near future.”

He would not say if the virtualization code will be rolled into the Linux 2.6.11 update. Available in February, that update will support Infiniband.

“I came this close to merging Xen [into the Linux kernel] a couple of months ago, but we decided it was not the way to do it,” said Morton, noting that the Xen developers need to polish the code. “It’ll go in four weeks after we get it.”

An open-source project out of University of Cambridge in England, Xen has growing ties with Red Hat, Novell and Hewlett-Packard and has emerged as the leading contender for providing open-source virtualization for the Linux environment.

Morton said there is significant demand for the capabilities enabled by virtualization, including server consolidation and workload management. Virtualization enables customers to run multiple virtual machines — and thus multiple operating systems and applications — on a single server.

The fast-growing software category was pioneered by VMware, which provides its flagship ESX virtualization server software on Linux and Windows. VMware — as well as competitors SWSoft and newcomer Virtual Iron — are expected to launch enhanced versions of their products for the Linux environment in two weeks’ time at LinuxWorld Expo.

Torvalds and Morton, the top two managers of the Linux kernel who work for the OSDL, now plan to release interim updates, with new features and patches, every two months. That’s a marked difference from past practice. “The traditional model of Linux kernel development in the past 10 years is we make available an unstable kernel, then a stable kernel,” every two- or three-year period, said Morton.

Neither Torvalds nor Morton would specify the core features for the next update, but Morton did say a future build will include an NFS 4 updated file system, clustering file support and Infiniband. Torvalds said the OSDL plans to include improved support for laptops and 3-D graphics by getting more hardware vendors to develop USB drivers and other drivers for Linux.

VMware ESX Server 3.0 will support iSCSI

A post that appeared today on the VMware Community Forums reveals that the upcoming ESX Server 3.0 will bring native iSCSI support, a much-wanted feature for the high-end VMware product. A date for ESX 3.0 also emerges: August/September 2005. I really find such a date hard to respect, even considering that the GSX Server upgrade is expected to start immediately after the Workstation 5.0 release.

The poster claimed this information was leaked by a NetApp developer.