Webcast: Leveraging Software Virtualization Technology

Altiris and Network World arranged a new webcast about application virtualization for September 13th:


Learn how software virtualization:

  • Reduces the cost of deploying and maintaining applications
  • Peacefully coexists with, and adds value to, other forms of virtualization
  • Combined with software streaming, improves end-user experience and productivity, and further reduces demand on IT resources

Register for the webcast here.

3rd virtualization.info anniversary

3 years ago I started this blog.

On this day, one year ago, I was counting 80,000 visits.
Today I can count nearly 1 million.

I’ve put a lot of effort into this project so far and will continue this way: expect great new things in the coming weeks.
Meanwhile I would ask every reader today to submit suggestions and wishlists for a better virtualization.info.

To celebrate this year I would like to re-publish an interview SearchServerVirtualization arranged with me some months ago:

Andrew Kutz: You are one of the most well known, if not the leading, evangelists of virtualization on the internet today. Your roots, however, are in information technology security. What is your take on the relationship between information technology security and virtualization?

Alessandro Perilli: Being a security professional means, among others, dealing all the time with a lot of different platforms, multi-tier products and networking devices.
Just think about testing a new exploit against several kinds of Windows or Linux operating systems. Or about testing a network intrusion detection system features: the simplest scenario would involve an attacking platform, a target one and a firewall in the middle.

Setting up a laboratory can be very expensive and you need a lot of time to restart from scratch before beginning to test a new scenario.
When I saw virtualization for the first time I immediately understood I would be able to create a security-lab-in-a-box without much effort, cutting away reinstallation times.

I also immediately felt virtualization could be used for some virtualization purposes, like sandboxing and honeypotting. So it soon became the mandatory companion of my security toolbox.

AK: Your accreditations in security speak for themselves, but what is your level of experience with the current crop of virtualization technologies (VMware, Microsoft, Xen, Parallels, Vanderpool/Silverdale, Pacifica, etc…)?

AP: In the early days of modern virtualization I was involved in virtualization projects with VMware and Microsoft technologies as soon as they became a viable solution for corporations.
Then, thanks to virtualization.info, my work expanded to many if not all products available in this niche.
Today I extensively test, and implement among several customers, the large majority of technologies out there, from platforms to P2V tools, passing through provisioning automation or disaster recovery.

If a new virtualization technology or product is out I work on it within one or two months.

AK: These days, almost anyone can start a blog and claim expertise on a wide variety of subject matter. Do you have any advice to give to IT professionals that can help them gauge the worth of an information source when it pertains to virtualization?

AP: Sure: don’t follow the virtualization.info model. Don’t misunderstand me: I’m not saying so to avoid competition.
virtualization.info was born to fill a need of three years ago: aggregate scattered news about an emerging technology to understand trends and what product was out.
Now that virtualization is starting to be widely adopted, this need has changed and virtualization.info itself had to extend its mission accordingly.

Starting a new blog now, doing what virtualization.info did three years ago, is useless.
Customers are looking for some valuable content, not for another ten blogs publishing the same news again and again, just changing the title or the quote cut.
Also, everybody with enough experience in blogging knows that news aggregation can be completely automated with some tools out there and there is no expertise at all in this.

At this point of the virtualization industry’s evolution I feel customers are mainly looking for technical tips because implementation is still the big issue these days.
Any blog providing such content would be considered a valuable information source.

AK: You founded the False Negatives project to help provide security consulting and training in Italy. Do you have any plans to expand this to include virtualization, and if so are you hiring? 🙂

AP: False Negatives is a project meant just for some high level security consulting, like strategical advisory or architectural designing and there are no plans at the moment to expand offering for virtualization outsourcing services.

But I can’t say there are no opportunities in this direction: virtualization.info is acting as a hub for vendors, system integrators, virtualization professionals and customers both in US and in EMEA.

I’m not hiring but I accept resumes from virtualization experts in every company department, from engineering to marketing.

You can consider virtualization.info a sort of virtualization head hunter, where best experts worldwide have a chance to be engaged by top players in the market.

AK: You have positioned yourself as primarily an aggregator of virtualization news, but you rarely give your personal opinions on the subject. On Tuesday, May 23rd, 2006, Paul Murphy claimed that modern virtualization is being sold as a solution to a problem the industry no longer has. What is your personal take on the current state of virtualization and where do you see it not only a year from now, but 3 years as well?

AP: I believe it’s quite evident modern virtualization is still at its infancy.
We still have to solve fundamental problems about implementation and support, and I think it’s natural we are still concentrating on obvious applications of the technology, like server consolidation, which might not be the best solution for every customer.

I don’t see big changes within 1 year from now: some vendors have still to prove their virtualization platforms are fast and reliable enough, others have still to prove their virtualization tools are useful, others have still to provide products support in virtual environments. And this is a slow process which won’t substantially change within 1 year.

Within 3 years, more probably 5, virtualization solutions will be more evolved and will start to offer experimental datacenter automation.
I imagine scenarios where, for example, virtual machines clone themselves and enable load sharing when performances go under a certain service level agreement.
Or virtual machines invoking a snapshot when a network attack is detected, sending attacker’s hard disk modifications to the security department.

In the middle term I believe virtualization is the path to something bigger than what today’s security vendors abusively call the self-defending network. Something I would rather call the adaptive datacenter.
In this picture today’s vendors offering so called virtual lab automation solutions will be a key player tomorrow.

AK: I am a fan of open source software, especially of Tim O’Reilly’s idea of software as another commodity. Openness alone will not win Xen VMware’s current market dominance though. The formation of XenSource was a huge step, but what else do you think needs to happen for Xen to become a viable alternative in the eyes of IT managers everywhere to VMware?

AP: Today Xen has two problems: first of all, it has to offer Microsoft Windows support. We know this is about to happen this year thanks to hardware aid from AMD and Intel.
Secondly it has to provide management tools permitting more customers to embrace Xen paravirtualization even with limited knowledge of Linux. Also in this case there are companies like XenSource itself, Virtual Iron and recently Enomaly which are offering or are going to offer solutions in this direction.

A third critical point would be pushing the market to officially state products support in Xen paravirtualized infrastructures.
Without wide support from application vendors there are few chances companies can seriously consider Xen adoption.

AK: On April 3rd, 2006, the Computer Business Review discussed the state of application virtualization.
Just a few days ago on May 19th it was announced that Microsoft is in talks to buy Softricity, one of the leading manufacturers of application virtualization solutions. Application virtualization is quite obviously the new hotness, but in your opinion where does it fit in the bigger picture?

AP: I think application virtualization is a fundamental companion of server virtualization.

In everyday productivity end users need to address application compatibility, co-existence, testing and portability issues. Application virtualization is much more suitable to solve these problems than server virtualization, because in some senses it is simpler and faster to use, requires fewer resources and has a lower impact on performance.

So I believe that, while server virtualization will fill datacenter needs, application virtualization will satisfy requirements in the client area, making the most from the whole infrastructure.

AK: On a purely technical level it seems that AMD’s Pacifica virtualization technology may best Intel’s own VT, if only for the fact that AMD’s CPUs include a memory controller that will be VT aware out of the box, while Intel’s separate memory controller will not be VT ready until 2007. On paper this could mean that the AMD chips will be faster at handling VT. I find this tidbit of information interesting because it shows that as the interest in virtualization grows, so must the hardware support for it in order to meet consumer expectations. To me the next piece of hardware that needs to build support for virtualization is the video card. Until this happens roommate OS installations (the term for side-by-side OS installations on a machine with a hypervisor) will not be able to run graphic-intensive applications at bare-metal speed. Do your sources have any information regarding what ATI and nVidia might be doing, and do you think that this is a logical step or simply a pipe dream?

AP: It’s true that one of the most emerging requests for virtualization use is 3D/CAD development. And there are some rumours, mainly fed by a specific Apple patent requested in 2002 and recently granted.

I’m not a graphics expert so I can’t say if modern video adapters already have the hardware requirements to accommodate something I would call video partitioning, but we have to note the market trend is actually going in the opposite direction: solutions like the nVidia SLI or the ATI CrossFire aim to aggregate rendering power, not to partition it.

I also think that while I heard some customers asking for reliable 3D support in virtualization products, the market request is still too low to make it happen today.

AK: I e-mail you out of the blue and say: Alessandro, I want to learn about virtualization and what it can do for me, where do I start?
What is your response?

AP: When I started approaching virtualization there were neither books nor vendors courses (and still today I strongly believe there is a significant lack of training material).
I learned a huge amount of things silently following newsgroups for years.
Still today the most precious source of knowledge and real-world case studies is the community.

So my suggestion is: read books you find about the product you need to learn, but never forget to carefully monitor all web forums, newsgroups and blogs out there covering virtualization.
There is no book updated enough or complete enough to offer you the same level of broadening.

Thank you for reading and enjoy your stay.

Benchmarks: Evaluation of ESX Server Under CPU Intensive Workloads

Phillip J. Windley and his student Terry Wilcox published a very interesting 32-page paper on how the performance of VMware ESX Server 2.5.2 virtual machines depends on the amount of assigned virtual RAM and on whether Intel HyperThreading or vSMP is enabled:

We present a summary of our evaluation of VMWare ESX Server 2.5.2. In particular we confirm and work around known timing issues with guest operating systems running on ESX server. Our work validates and adds to the work of other groups modeling the behavior of ESX Server during CPU intensive workloads by exploring in more detail the effects of Hyper-Threading and the overhead of Virtual SMP.

We report and measure a previously unknown performance penalty for allocating too much RAM in virtual machines with Linux as the guest operating system.

This paper also describes the testbed we used to manage and run our tests including a virtualization test management system we developed to run the tests we performed.

We describe timing issues that affect performance testing on ESX Server and a method for measuring runtimes that gives accurate results.

The reported conclusions are extremely appealing:

  • Single CPU virtual machines scale better than virtual machines using Virtual SMP
  • Hyper-Threading increases throughput if there are a large number of virtual CPUs, but makes no difference if the number of virtual CPUs is less than or equal to the number of physical CPUs
  • Do not allocate excessive resources to virtual machines. Additional resources may hurt performance

Read the whole paper at source.

Tool: Vi3Backup

Technical Architecture Solutions, a VMware Authorized Consultant (VAC), released a very interesting free tool for performing hot backups of virtual machines on the VMware ESX Server 3.0 platform:

Vi3Backup is a wrapper that we've written to put around vcb at the console level to make it easier for people to perform full machine snapshots. It's trying to do some of the things that VMBK did within Vi3.

It's been designed to be run at Host level rather than VirtualCenter and by default will export all running machines to a directory of your choice. Optionally it will also compress the file, store multiple copies and allow you to set exclusion lists for VMs that you don't want backed up.

Whilst it's ready to go as a cron job for scheduled snapshotting it's also got an interactive mode so that it can be used to quickly enumerate the running machines on an individual host.

Download it at source.

VMware launches the Virtual Vanguard Awards Program

Quoting from the VMware official announcement:

We know that you’ve been making the most of virtualization to create innovative environments and applications for improving IT performance, minimizing system downtime, and reducing the cost and complexity of delivering enterprise services. Now it’s our turn to celebrate your creative and innovative efforts.

To honor customers who are taking full advantage of virtualization technology, VMware is proud to announce the Virtual Vanguard Awards Program. This annual awards program will highlight customers who are using VMware software to solve mission-critical enterprise issues and build leading-edge IT infrastructure.

Get the recognition you and your team deserve for solving your company’s business-critical needs with virtualization: send us your story today!

We’re looking for nominations in the following four categories:

  • Best Overall Return on Investment (ROI) and Operational Benefits
  • Most Comprehensive VMware Infrastructure
  • Most Mission-Critical Application in Production
  • The Vanguard Award for Innovation

The official awards ceremony will be held on November 7, 2006 at VMworld 2006 in Los Angeles, California.

Red Hat opens Enterprise Linux 5 beta program

After a hot summer of statements against its rival Novell and criticism from the community over delays, Red Hat Enterprise Linux 5 has finally appeared as a public beta.

This 5th generation introduces a new packaging structure, organized in 3 roles for Server Edition and 3 roles for Client Edition.
Both editions introduce the much-awaited Xen integration through the Virtualization role.

For this integration, available for all architectures (x86, x64 and IA64), Red Hat introduced a new Gnome application called Virtual Machine Manager, able to configure, monitor and remotely view Xen virtual machines.



Read the official announcement to understand how to download RHEL 5 beta 1 and unlock packaging roles.
Download Virtual Machine Manager here.

The virtualization.info Virtualization Industry Roadmap has been updated accordingly.

AMD will launch I/O Virtualization in 2008

The Inquirer published an article and a slide about the current AMD roadmap.

The slide reveals that AMD plans to launch I/O Virtualization in 2008.

Its competitor Intel plans to offer a similar feature in H2 2007 with the Bearlake chipset, implementing the new extension Virtualization for Directed I/O (VT-d).

The virtualization.info Virtualization Industry Roadmap has been updated accordingly.

Xen to gain Intel LaGrande Technology support

LaGrande Technology (LT), an Intel codename, is Intel's implementation of the Trusted Computing (TC) concept and is expected in H2 2007 within the Intel Bearlake chipset (which will be used with the quad-core Intel Kentsfield CPU, expected in Q1 2007).

Joseph Cihula, Linux Software Security Architect at Intel, posted on the Xen-devel mailing list a preliminary patch for the open source hypervisor introducing support for it:


The LT functionality this code adds is:

  • Measured Launch
    If the processor is detected as being LT-capable and enabled then the code will attempt to perform a measured launch. If the processor is (not capable) or (capable but not enabled) or (capable and enabled but the launch process fails (missing SINIT, corrupted data, etc.)) then it will fall-through to a non-LT boot
  • Teardown of measured environment
    When Xen exits the LT environment will be torn down properly
  • Reset data protection
    LT HW prevents access to secrets if the system is reset without clearing them from memory (as part of a LT teardown).
    This code will support this by setting the flag indicating that memory should be so protected during the measured launch and clearing the flag just before teardown
  • Protection of LT memory ranges
    LT reserves certain regions of RAM for its use and also defines several MMIO regions. These regions are protected from use by any domains (including dom0).
    Note that there are sub-regions of the MMIO space that are left accessible to dom0 (LT public configuration space, TPM localities 0,1)

Read the whole thread and download the patch at source.
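
The four behaviours listed above can be modelled in a few lines of C. This is an added illustration, not code from the Xen patch or from Intel: all type and function names are hypothetical, and the address layout is constructed rather than taken from any chipset documentation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model only: every name and address here is hypothetical. */
struct lt_platform { bool capable, enabled, sinit_ok; };
struct lt_state    { bool measured, secrets_flag; };

/* Measured launch with fall-through to a non-LT boot on any failure. */
struct lt_state lt_boot(struct lt_platform p)
{
    struct lt_state s = { false, false };
    if (!p.capable || !p.enabled)   /* not capable, or capable but disabled */
        return s;
    if (!p.sinit_ok)                /* launch fails: missing/corrupt SINIT */
        return s;
    s.measured = true;
    s.secrets_flag = true;          /* memory must be protected across reset */
    return s;
}

/* Orderly exit: clear the flag just before leaving the measured environment. */
void lt_teardown(struct lt_state *s)
{
    if (!s->measured)
        return;
    s->secrets_flag = false;
    s->measured = false;
}

/* Reset behaviour: memory stays locked for as long as the flag is set. */
bool reset_locks_memory(const struct lt_state *s) { return s->secrets_flag; }

/* Constructed, non-overlapping layout [start, end); not real addresses. */
struct region { uint64_t start, end; bool dom0_ok; };
static const struct region lt_regions[] = {
    { 0x1000, 0x2000, false },  /* RAM reserved by LT */
    { 0x8000, 0x9000, false },  /* protected MMIO sub-region */
    { 0x9000, 0xA000, true  },  /* LT public configuration space */
    { 0xA000, 0xC000, true  },  /* TPM localities 0 and 1 */
    { 0xC000, 0xF000, false },  /* protected MMIO sub-region */
};

/* A mapping is refused if it touches any region the caller may not use. */
bool domain_may_map(bool is_dom0, uint64_t start, uint64_t end)
{
    if (end <= start)
        return false;               /* empty or wrapped range */
    for (size_t i = 0; i < sizeof lt_regions / sizeof lt_regions[0]; i++) {
        const struct region *r = &lt_regions[i];
        bool overlaps = start < r->end && r->start < end;
        if (overlaps && !(is_dom0 && r->dom0_ok))
            return false;
    }
    return true;
}
```

A reset that arrives between `lt_boot` and `lt_teardown` finds the flag still set, which is the case the reset data protection item covers.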

Tech: Installing Windows Vista RC1 on VMware Workstation 5.5.2

If you tried to install the latest Microsoft Windows Vista build (5600, aka RC1) on VMware Workstation 5.5.2 instead of Server 1.0.1, you sadly discovered that the setup process hangs at "Windows is loading files".

It’s nothing unexpected since Vista is still not supported on Workstation 5.5.x.

Anyway a VMware user posted a simple solution on VMTN Forums: just edit the virtual machine configuration file (.vmx) to include:

svga.maxWidth = "640"
svga.maxHeight = "480"

Other users already reported the trick works.

Joel Spolsky finds it odd that Microsoft didn’t verify compatibility with such a popular application as VMware Workstation.

I don’t have enough elements at the moment to further comment on this, but there are two important points I would like to underline:

  • it’s universally clear Microsoft is not considering this Release Candidate as a test-for-shipment product. So everybody should behave accordingly, accepting Vista is still breaking compatibility with major applications at this point.
  • if Microsoft were trying to disturb VMware’s work (which I sincerely don’t believe), it would have planned such a joke for the RTM build timeframe

Sometimes an error is just an error.

Tech: Verify if Virtual Server 2005 is using Intel VT

Ben Armstrong published a great tip for checking availability and use of Intel Virtualization Technology (VT) enhancement by Microsoft Virtual Server 2005 R2 SP1 beta 2:

Enable hardware virtualization on a virtual machine (under General properties), start the virtual machine, open PerfMon and select to look at the HVM-VP is in HVM mode counter under the Virtual Processors object.

If this is reporting 0 – then Virtual Server is not able to use hardware virtualization on your computer. If this is reporting 1 – then Virtual Server is able to use hardware virtualization on your computer…

Be sure to check the original article for updates and comments.