Virtual machine rootkits: the next big threat?

Here is a very interesting topic for both virtualization.info and SECURITY ZERO, my blog about infosecurity.

Quoting from eWeek:

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation.

Once the target operating system is hosted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

The prototype, which will be presented at the IEEE Symposium on Security and Privacy later in 2006

The group said the SubVirt project implemented VM-based rootkits on two platforms — Linux/VMware and Windows/VirtualPC — and was able to write malicious services without detection.

The group used the prototype rootkits to develop four malicious services—a phishing Web server, a keystroke logger, a service that scans the target file system for sensitive information and a defense countermeasure to defeat existing VM-detection systems.

The researchers also used the VM-based rootkits to control the way the target reboots. It could also be used to emulate system shutdowns and system sleep states.

Read the whole article at source.

My comments on this article at SECURITY ZERO.

Webcast: How to cluster Microsoft SQL Server 2005 by using Microsoft Virtual Server

In January Microsoft released a Level 200 webcast that I missed:

This Support WebCast talks about Microsoft SQL Server 2005 and the many new clustering features that it offers. This session discusses these new features. It also provides step-by-step instructions about how to install SQL Server 2005 clustering on Microsoft Windows Server 2003. This WebCast demonstrates all the installation steps using Microsoft Virtual Server configured as a Windows Server 2003 cluster.

Take a look at the presentation slides here, download the video here, or watch it as a stream here.

Thanks to Virtualserver.tv for the news.

Intel working on new virtualization implementations

Quoting from ZDNet:


“As we build future implementations, we’re making things perform better within the constraints of the architectural foundation, but without requiring software changes. Then we’re also extending the architecture,” Richard Uhlig, senior principal engineer at Intel, said during an interview at the Intel Developer Forum.

One planned improvement is a feature called extended page tables, an idea similar to an AMD virtualization technology called nested page tables. Both technologies speed up a facet of virtual machines dealing with memory.

In a computer without virtual machines, the operating system expects memory addresses to start at zero and work their way upward. But with many virtual machines sharing a computer’s memory, zero isn’t the starting place, and memory addresses skip from one patch to another, Uhlig said.

Consequently, one important job of a hypervisor is “page table shadowing,” which translates a virtual machine’s memory addresses to the real ones used by the actual computer. The more translation is required, the slower the virtual machine runs, and with programs such as databases that constantly switch among different patches of memory, the performance penalty can be anywhere from 10 percent to 25 percent, Uhlig said.

New versions of VT will get a feature called the page table walker, in which the processor rather than the hypervisor keeps track of that memory issue, he said. The overhead imposed “doesn’t drop to zero,” but will be much faster than the software-based function, Uhlig said.

But more sophisticated changes to networking are farther off because they require changes to the PCI standard that network cards and many other add-on devices use. For example, one idea that Intel plans to support is the splitting of a network card’s capacity among different virtual machines.

Work is under way at the PCI Special Interest Group to add features that will permit such splitting, said Rajesh Sankaran, an Intel senior staff researcher. The new specification is due later this year, and the first products supporting it are expected in 2007, he said.

Read the whole article at source.
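The two translation schemes Uhlig describes can be compared in a small model. This is an added example, not code from Intel, ZDNet or this blog; it assumes single-level page tables, and the names `ShadowMMU`, `NestedMMU` and the `exits` counter (hypervisor interventions) are hypothetical. In both schemes the host map is what bounds the memory a guest can reach.

```python
PAGE = 4096  # page size in bytes

class Fault(Exception):
    """A translation stage has no mapping for the requested page."""

def walk(table, addr, stage):
    """Translate addr through a one-level table {page number: frame number}."""
    page, offset = divmod(addr, PAGE)
    if page not in table:
        raise Fault(f"{stage}: page {page:#x} not mapped")
    return table[page] * PAGE + offset

class ShadowMMU:
    """Software scheme: the hypervisor keeps a guest-virtual -> host-physical shadow table."""
    def __init__(self, guest_pt, host_map):
        self.guest_pt, self.host_map = dict(guest_pt), host_map
        self.shadow, self.exits = {}, 0
    def guest_writes_pte(self, vpage, gframe):
        self.exits += 1                       # the write is trapped by the hypervisor
        self.guest_pt[vpage] = gframe
        self.shadow.pop(vpage, None)          # the stale shadow entry must be dropped
    def translate(self, gva):
        vpage = gva // PAGE
        if vpage not in self.shadow:          # shadow miss: the hypervisor fills the entry
            self.exits += 1
            gpa = walk(self.guest_pt, vpage * PAGE, "guest")
            self.shadow[vpage] = walk(self.host_map, gpa, "host") // PAGE
        return walk(self.shadow, gva, "shadow")

class NestedMMU:
    """Hardware scheme: the processor walks the guest and host tables itself."""
    def __init__(self, guest_pt, host_map):
        self.guest_pt, self.host_map, self.exits = dict(guest_pt), host_map, 0
    def guest_writes_pte(self, vpage, gframe):
        self.guest_pt[vpage] = gframe         # no hypervisor involvement
    def translate(self, gva):
        return walk(self.host_map, walk(self.guest_pt, gva, "guest"), "host")

# Constructed sample: guest frames 0-2 live in scattered host frames.
HOST_MAP = {0: 0x40, 1: 0x91, 2: 0x17}
GUEST_PT = {0x10: 0, 0x11: 1}

def run_workload(mmu):
    """Touch two pages, remap one, touch it again; return (addresses, hypervisor exits)."""
    out = [mmu.translate(0x10123), mmu.translate(0x11008)]
    mmu.guest_writes_pte(0x10, 2)
    out.append(mmu.translate(0x10123))
    return out, mmu.exits
```

Both models return the same host addresses for the same workload; only the number of hypervisor interventions differs, and a guest frame missing from `HOST_MAP` raises `Fault` in either scheme.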

Emulex and Novell showcase lead in Xen server virtualization

Quoting from the Emulex official announcement:

Emulex Corporation, the most trusted name in storage networking connectivity, today announced the industry’s first demonstration featuring Linux-based server virtualization combined with industry-standard N-Port ID Virtualization (NPIV) technology in Europe. Emulex has teamed with Novell to showcase the benefits of leveraging its industry-standard NPIV-based LightPulse Virtual HBA technology within a Fibre Channel environment using Xen 3 technology and tools provided by Novell as part of Novell’s next SUSE Linux Enterprise Server.

Enterprise data centers are increasingly looking to virtual server technology for consolidation, increased resource utilization and management flexibility. The Emulex LightPulse Virtual HBA technology in conjunction with Xen 3, enables each virtual machine or guest operating system to own and access a dedicated World Wide Port Name (WWPN), even when several virtual machines are sharing the same physical host bus adapter. This new capability enables each guest to be managed independently, using SAN best practices for security and configuration management, such as fabric-based zoning and storage Logical Unit (LUN) mapping…

Unisys to offer additional VMware Virtual Infrastructure products

Quoting from the Unisys official announcement:

Unisys Corporation today announced that it has expanded its relationship with VMware Inc., the global leader in virtual infrastructure software for industry-standard systems. Under terms of the expanded relationship, Unisys will now offer the enterprise-class suite of VMware virtual infrastructure products on its ES7000 Server portfolio.

The suite includes VMware ESX Server with Virtual SMP and VMware VirtualCenter with VMotion technology. In addition, Unisys intends to certify its ES7000 for use with VMware ESX Server.

In expanding the VMware virtual infrastructure products Unisys will offer, Unisys will further enhance its ES7000 family of server-based solutions…

VMware Server new build available for beta testers

VMware just released a new build (22088) of its upcoming Server product (formerly GSX Server).

While it seems there are no new features, here are the issues that have been fixed:

  • Virtual SMP virtual machines suspend automatically after 24 hours.
    In beta release build 20925, VMware Server automatically suspends a virtual machine configured to use Virtual SMP after 24 hours of continuous operation. To correct this issue, upgrade to VMware Server beta build 22088.
  • Virtual machine might fail to power on when debugging is enabled.
    In beta release build 20925, your virtual machine might fail to power on, and VMware Server displays the error message: “Operation failed to change the VM to the expected power state.” To correct this issue, upgrade to VMware Server beta build 22088.
  • Unable to create new virtual machine over SSL connection.
    In beta release build 20925, attempts to create a new virtual machine over an SSL connection might fail. By default, the VMware Server Console connects to the VMware Server host using SSL. To correct this issue, upgrade to VMware Server beta build 22088.
  • “Socket issue” reported when attempting to create virtual machine.
    In beta release build 20925, VMware Server sometimes fails to create a new virtual machine and displays the error message: “An operation was attempted on something that is not a socket.” To correct this issue, upgrade to VMware Server beta build 22088.

The final release of this product is expected for Q2 2006.

Download it here.

SWsoft embraces Intel Virtualization Technology

Quoting from the SWsoft official announcement:

SWsoft, the leading provider of operating system virtualization and automation tools, today announced its Virtuozzo support of Intel® Virtualization Technology (VT) capabilities, including the recently unveiled Intel Virtualization Technology for Directed I/O (VT-d) specification.

By supporting Intel VT and Intel VT-d, Virtuozzo will offer customers additional levels of manageability, security, isolation and I/O performance.

The SWsoft Virtuozzo product release with VT support is scheduled for later this year. Virtuozzo VT-d support will follow in conjunction with platform availability…

If you are interested in Virtuozzo, you can read the virtualization.info review of Virtuozzo for Windows 3.5.1.

Rent a virtual infrastructure

A Swiss VMware partner, Kybernetika, had a great idea: set up a complete ESX Server & VirtualCenter infrastructure and lease it for absolutely uncapped remote use.

The real benefit is that you can manage the whole infrastructure remotely, connecting via Remote Desktop to a Windows virtual machine that offers the physical servers' management panels and the ESX Server and VirtualCenter web and binary consoles.

The infrastructure, called Testcenter, currently offers the following hardware:

  • 3 HP ProLiant DL380 servers (2-way)
  • 1 HP MSA1500 SAN
  • 2 HP ProCurve 3400cl-48G Gigabit network switches (redundant, deployed on a dedicated DMZ)
  • 2 APC UPSes (redundant)

Kybernetika offers a whole set of trial operating system ISOs and all VMware and Vizioncore software, so you can create any kind of configuration from scratch.

I personally tried it from Italy, setting up a whole ESX Server 2.5.2 and VirtualCenter 1.3.1 datacenter, working with VMotion without problems.

The rental price is 250 CHF, which is about 160 euros / 190 US dollars, for 5 days.

Absolutely recommended for preparing for the VMware Certified Professional (VCP) exams or improving confidence with VMware technologies.

Microsoft vNext confirmed to be Virtual Server R2 SP1

Microsoft has confirmed to me that the upcoming vNext, reported for the first time by Steven Bink at the end of 2005, has finally been named Virtual Server 2005 R2 Service Pack 1, as I speculated just yesterday.

It will be a free update for R2 customers, featuring:

  • Support for Intel Virtualization Technology and AMD I/O Virtualization Technology CPUs
    This won’t further improve the performance of Windows guest OSes but will improve the performance of other OSes.
  • Windows Server 2003 Volume Shadow Service (VSS) support
    Contrary to what I reported before, this feature will permit live backup of virtual machines.

The beta program will start in 2Q06 with RTM expected within 6-8 months, depending on customer feedback on stability.

Clustering VMware ESX Server for free with VMCL

Massimiliano Daneri, creator of the world-renowned Perl script VMBK for live backup of ESX Server virtual machines, is working on another great project: VMCL.

VMCL is clustering software for VMware ESX Server based on the Linux-HA project, able to synchronize virtual machines between different host OSes.

Currently there is no documentation available, but the beta program has just started and you can download betas here.