Year: 2007

Quoting from InfoWorld:

SWsoft, the company behind the Parallels Desktop virtualization software for Macintosh, expects to release a beta version of a server edition of the software in the next four to six weeks.

…

Some of the features of Parallels Server, such as full 64-bit support for host and guest operating systems, and support for multiprocessor VMs, should also appear in the next major version of the desktop edition, due in the first half of next year, said Rudolph…

Read the whole article at the source.

VMware products are not the only ones suffering security vulnerabilities. The wider audience the bigger chances to find out developers errors in every software, in every industry.

So after bugs which obliged VMware to release new Workstation 6.0.1, Player 2.0.1, ACE 2.0.1 and Server 1.0.4, it’s now Xen turn.

Quoting from Secunia:

Joris van Rantwijk has reported a vulnerability in Xen, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an input validation error in tools/pygrub/src/GrubConf.py. This can be exploited by “root” users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted.

The vulnerability is reported in Xen 3.0.3. Other versions may also be affected.

Grant only trusted users “root” privileges to guest domains.

Read the whole securiy bulletin at the source.

Since Xen is used as virtualization engine by XenSource, Virtual Iron, Novell and Red Hat, all of their commercial solutions may be affected by the same vulnerability. Check with vendors to confirm this.

In the last months Virtual Desktop Infrastructure (VDI) approach (as VMware use to call it, hosted virtual desktops elsewhere) got a lot of traction, with notable vendors like Sun jumping in the market along with new startups (Qumranet is the last one in the timeline).

Along with vendors, some customers start to consider VDI approaches as valuable alternatives to well-known terminal services approaches.

Dave Caddick, Enterprise Architect at Neoware (now acquired by HP), describes an interesting scenario where VDI seems better:

Greenfield Design Criteria for 5,000 Users:

• 60% Task based workers suitable for Thin Clients = 3000
• 30% Knowledge Workers suitable for VDI = 1500
• 5% Developers or similar suitable for PC’s = 250
• 5% Mobile Workers with Laptops = 250

Of the mobile workers with Laptops I would think that 60% (or more) of these could be provided with Mobile Thin Clients

60% of 250 = 150 with Mobile Thin Clients and 40% of 250 = 100 with traditional Laptops

…

Conclusion:

So on initial inspection we would appear to have:

• VDI = USD 400 per user (exc. costs of Desktop License)
• Citrix = USD 562 per user (exc. costs of TSCAL)

And to me this looks like it’s quite favourable to Citrix, when you add the cost of the Desktop License then the advantages of a Citrix deployment with it’s ease of use, readily available skills, mature product set and features, it’s almost a no-brainer?

However, as discussed above, if you change the figures to reflect that you can only achieve a max. of 40 users per server then it starts to tip the other way. Now we have a 17K server and 14K of Citrix Licensing only supporting 40 Users and the server cost per user now becomes USD 775.

Although VDI is currently “in vouge” I would have not thought that VDI can match the “Bang for the Buck” that can be achieved by Terminal Server/Citrix Installations, however I am now thinking that it’s quite likely that other people’s numbers won’t neccessarily be the same as mine and this could be based on a wide number of factors. So this then may be very influential in peoples perceptions and may well have an impact on what the numbers are calculated to be in ROI’s and TCO’s before commencing a project…

And even Brian Madden, well-known terminal services expert, is reporting a scenario where VDI was a better solution:

…

Let’s start at the very beginning. Gabe and I worked with this university six months ago. They were not using any server-based computing or streaming or anything like that. It was a brand new environment. They had four scenarios (or “use cases”) they wanted to enable:

1. There are 1200 lab workstations throughout campus. Users need to be able to walk up to any one of them and access any of 200 applications. The users also need access to their own data and profiles.
2. They want to publish a remote desktop via server-based computing to people so that they can access the “lab workstation” from their dorm rooms or off campus.
3. They want to publish individual applications (as opposed to a full desktop like in Scenario 2) to users on their own computers.
4. Longer term, they want people to be able to run these applications locally on non-university-controlled workstations (i.e. student laptops), and they want this to work offline.

…

Why no Citrix? (Well, other than Ardence, which is now owned by Citrix.) The problem with Citrix in the server-based computing market is that their desktop server product is a completely separate product from Presentation Server. Even when Desktop Server version 2 comes out, it’s still a separate farm, a separate database, and additional licensing on top of the $500 per user or whatever Presentation Server costs these days.

Provision comes in with their single product at something like $100 per user which supports Terminal Server-based and VDI-based SBC models in the same product, and it also provides the seamless application publishing from Windows XP VMs which is perfect in this case and not even on Citrix’s roadmap. So Provision is a no-brainer.

As for using VDI instead of Terminal Server for the published desktops and applications, this means the university gets broad application compatibility and can use the same desktop images everywhere, and it only costs them USD $6,000 per 50 concurrent users instead of $3,000. Really that’s not too bad from a capital cost standpoint when compared to the fact that they have a much easier time managing the thing and they don’t have to figure out local solutions and more servers for non TS-compatible apps…

This year attendees of VMworld 2007 received a pleasing surprise: a 1GB USB key with a beta version of upcoming ESX Server 3i.

When one of 3i supported servers is not available for a trial deployment, users may want to install the beta inside a virtual machine, which is not exactly an easy goal to achieve.

To simplify the whole operation David Davis, created a nice 16-minutes webcast which explains how to extract the ESX Server 3i image from the USB key and run it inside a Workstation 6 virtual machine.

Watch the whole video here.

InfoWorld published a comparison between the three most popular application virtualization platforms: Microsoft SoftGrid 4.2, Symantec SVS Pro 2.1 (acquired by Altiris) and the just released Thinstall Virtualization Suite 3.2.

Winner is Symantec SVS with a score of 7.5/10 but other products received very similar ratings. Bottom lines for each one are:

• Symantec SVS Pro 2.1
  SVS gains in partner AppStream a much needed streaming capability to support its already robust virtualization layer. The combined solution allows applications to be launched from a Web browser, and headless services are supported. However, the level of integration between the OEM components is imperfect and simple deployment tasks require too many steps, not to mention the slow initial response time for virtualized applications. Still, it’s the closest thing to “click ‘n run” on the market today.
• Microsoft SoftGrid 4.2
  SoftGrid has changed little since our previous review. Strong points are tight integration with Active Directory and a well-optimized streaming model. However, it still suffers from usability quirks and an overly complex sequencing process, and it lacks support for headless services. Nevertheless, Microsoft’s acquisition of SoftGrid, and its decision to de-couple the client from the server, point to an important role for the underlying technology in future Microsoft products and services.
• Thinstall Virtualization Suite 3.2
  Thinstall continues to deliver a no-frills solution that makes the process of packaging and deploying virtualized applications almost trivially simple. The completely self-contained virtualization environment requires no client agent or back-end server, and it delivers excellent runtime performance. However, the acquisition of competitors Softricity and Altiris has left Thinstall as the lone pioneer in a rapidly maturing market. Previously overlooked deficiencies, like the lack of client-side caching and the inability to stream over non-SMB connection types, will become magnified in the light of this newly competitive landscape.

Read the whole comparison at source.

Quoting from the VMware official announcement:

VMware, Inc., the virtualization leader, today announced a new hardware certification program for storage virtualization devices. Combined with the virtualization-enabling technologies in VMware ESX Server, this program is designed to enable customers to have more choice in deploying virtualized storage solutions with VMware Infrastructure.

By enabling hardware vendors to certify storage virtualization devices for VMware Infrastructure, VMware and hardware vendors together are poised to bring to market the complementary technologies of server virtualization and storage virtualization. As a result of this program, customers will be able to leverage the flexibility of management, cost efficiency and high availability of VMware Infrastructure as well as storage virtualization to create an end-to-end solution.

…

VMware is working directly with its Global- and Premier-level Technology Alliance Partner (TAP) program members to certify their storage virtualization devices. VMware is also working to expand the certification program to the broader storage ecosystem, including to Select-level TAP members, later this year with testing done by VMware’s authorized testing centers or by AppLabs or Cognizant Technologies. These global IT services companies specialize in testing and are authorized by VMware to test eligible hardware for all standard VMware hardware certification categories…

One common complain about VMware in the SMB market relates to its strict Hardware Compatibility List, so far only limited to servers. With this move also storage has to be certified, possibly creating an unreachable entry cost for most low-budged virtualization adopters.

This strategy also slows down storage startups, which will have to adhere VMware Technology Alliance at all costs to not have much harder time reaching customers’ sites.

The most interesting aspect anyway is that while VMware is locking down customers choices, it’s also working to extend control over hardware vendors without investing too many resources: the company is expected to launch a self-certification program in the near future, allowing every vendor to perform compatibility tests that VMware itself usually takes care of.

Virtual Iron reports that new virtualization enhancement included in Intel Xeon 7300, VT FlexPriority, brings a performance improvement up to 35% in a system with Virtual Iron 4.0 and 32bit Windows guest operating systems. Some details provided by official announcement:

…

Intel® VT FlexPriority optimizes and accelerates interrupt virtualization by improving virtual machine access to the Task Priority Register thereby enabling efficient Symmetric Multi-Processing (SMP) configurations of 32-bit guest operating systems. For users, this translates into more efficient performance in virtual environments for their critical enterprise applications.

…

Intel VT FlexPriority was designed to accelerate virtualization interrupt handling thereby improving virtualization performance. Intel VT FlexPriority accelerates interrupt handling by preventing unnecessary VMExits on accesses to the Advanced Programmable Interrupt Controller…

Quoting from the ZDNet:

VMware has traditionally restricted access to its hypervisor code and, while the vendor has made no official announcement about the API sharing program tentatively called “Vsafe”, VMware founder and chief scientist Mendel Rosenblum told ZDNet Australia that the company has started sharing some APIs (Application Program Interfaces) with security vendors.

…

Rosenblum said the APIs released as part of the initiative offer security vendors a way to check the memory of a processor, “so they can look for viruses or signatures or other bad things.”…

Read the whole article at the source.

This move was expected and welcome. Allowing security vendors to act at hypervisor level through APIs access addresses in first instance scalability challenge that customers will have face once reaching a high cosolidation ratio. Moving anti-viruses agents, host IDS agents, backup agents, etc. at the hypervisor level is the key to avoid useless memory and storage bottlenecks.

At a later time security vendors can also start correlating events which happen inside every virtual machine from their new hypervisor persepective, creating a new class of network IDS, which track virtual machines’ memories along with their network activity.

Quoting from the SWsoft official announcement:

Parallels, maker of award winning virtualization solutions for the Windows, Linux and Macintosh communities, announced today that it is collaborating with Intel, the world leader in microprocessor development, to deliver new usage models in Workstations and Clients, an effort designed to accelerate adoption of virtualization in production desktop environments. This collaboration will further enhance the value of Intel vPro technology to the end customers.

…The companies are engaged at an engineering level to accelerate the development and implementation of key workstation and desktop technologies, including Intel Virtualization Technology for Directed I/O (Intel VT-d) and Intel Trusted Execution Technology (Intel TXT). The two companies will work together with major OEM hardware manufacturers and independent software vendors to develop virtualization-powered workstation and client computing solutions.

…

Parallels intends to become the industry’s first virtualization software vendor to provide support for VT-d and TXT in Clients and Workstations…

The news is very interesting, mostly the last claim, considering Intel is already deep involved with VMware, where they intested $218 million at IPO time and gained a seat in board of directors.

Besides VMware, Intel aso already invested in SWsoft (with $12.4 million in 2005, with other VC firms) and in Virtual Iron (with $8.5 million in 2005).

After a preview in summer, the application virtualization startup Thinstall finally releases 3.2 version of its platform.

The new Thinstall 3.2 is mostly interesting because it introduces capability to virtualize Microsoft Internet Explorer, one of the most difficult application to handle because of its tight connection with Windows.

Another important feature of this release is capability to update virtualized applications without deliver the whole package again, and support for 16bit applications (Windows 95 compatible).

Download a 30-days trial of Thinstall 3.2 here.

The virtualization.info Virtualization Industry Roadmap has been updated accordingly.