Quest/Vizioncore hires away Citrix VP of Product Development

Vizioncore continues to refresh its management team, after giving away its Director of R&D, Scott Herold, to the parent company Quest and replacing its CEO, David Bieneman.

The company has just completed a major recruitment, hiring Russ Naples as Senior Vice President of Product Development.

Naples comes from Citrix, where he spent the last 13 years as Vice President of Product Development.

This may mean that Vizioncore will soon start offering its products for XenServer and not just VMware ESX.

VMware to introduce a course for SRM in Q3 2008, more in 2009

The much-discussed (and long-awaited) VMware disaster recovery product dubbed Site Recovery Manager (SRM) is almost ready for shipment: the company announced that it will be available by June 20.

But VMware doesn’t plan to release only the product. virtualization.info has just learned that there will be a dedicated classroom course for SRM, planned for Q3 2008.

virtualization.info has also received information about a full revamp of the training offering in 2009, when new courses about performance, network and storage design will be introduced.

Is Microsoft working on a VMsafe-like framework?

The upcoming set of VMware APIs known as VMsafe has the potential to dramatically change the way we secure data centers today.

If the technology is widely adopted by security vendors, it’s clear that VMware competitors will try to replicate the approach or innovate further on it. But until there is a clear, positive answer from the market, the most obvious strategy is to raise some (absolutely legitimate) security concerns about VMsafe and its potential to expose part of the hypervisor to new attacks.

So far Microsoft hasn’t taken an official position on the topic, but virtualization.info had the opportunity to speak with several representatives who clearly stated how carefully the company is evaluating the security implications of a VMsafe-like approach.
Nonetheless Microsoft may be working to build the internal know-how needed to achieve the task.

Just two months ago in fact Microsoft acquired a small security firm focused on rootkit detection called Komoku.
As Christopher Hoff, Chief Security Architect at Unisys, recently discovered, Komoku did some research in the past, presenting a solution for Xen where virtual machines can do self-diagnosis and self-healing as well as learning to protect against subsequent attacks.

Ironically, to develop its prototype Komoku took some inspiration from the work of Tal Garfinkel and Mendel Rosenblum (Chief Scientist at VMware), presented in 2002.

The adoption of a VMsafe-like framework could greatly benefit Microsoft: while VMware has to rely on 3rd parties (unless they want to leverage the Determina acquisition in a certain way), Microsoft has an entire portfolio of products to integrate with its upcoming hypervisor.

This may put the Redmond company in a privileged position against both virtualization and security competitors, which lack each other's capabilities to provide an out-of-the-box secure virtual data center.

VMware Chief Scientist developed VMsafe in 2002

Christopher Hoff, Chief Security Architect at Unisys, spotted a whitepaper presented in 2002 by Tal Garfinkel and Mendel Rosenblum (already a co-founder of VMware at that time) about a project called Livewire, a new approach to delivering host-based intrusion detection systems (IDS) through hardware virtualization:

Today’s architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host’s software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network, it is more resistant to attack, but has a poor view of what is happening inside the host, making it more susceptible to evasion. In this paper we present an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance. We achieve this through the use of a virtual machine monitor.

Using this approach allows us to isolate the IDS from the monitored host but still retain excellent visibility into the host’s state. The VMM also offers us the unique ability to completely mediate interactions between the host software and the underlying hardware. We present a detailed study of our architecture, including Livewire, a prototype implementation. We demonstrate Livewire by implementing a suite of simple intrusion detection policies and using them to detect real attacks.

Six years later VMware is finally about to release a set of APIs called VMsafe, which seems to do exactly the same thing.

This implies that, until VMware releases more details about VMsafe, this is the most detailed documentation available about the upcoming architecture.

Read the whole paper at source.

Citrix to update the Xen trademark policy

More than one year ago the Xen trademark became the major topic of discussion when talking about the relationship between XenSource, owning the rights at that time, and other companies adopting the open source hypervisor (Virtual Iron and Red Hat in particular).

Now Citrix, which obtained the Xen trademark after the XenSource acquisition, is about to update the usage rights policy, as reported by Stephen Spector, Senior Program Manager of Xen.org, on the corporate blog.

While reshaping the trademark policy around the community feedback, Citrix's legal department is concerned about the uncontrolled use of Xen-something terms and may prohibit terms that are too open:

…Citrix believes, and hopes that the community understands, that use of other Xen-combined names might confuse potential users  of Citrix-sourced products as to the source of a particular product or service. Since all Xen-based commercial products on the market today (of which Citrix is aware) from other vendors are all non-Xen branded, Citrix believes that this is the appropriate time to clarify this issue.

For example, an ISV may create a service for registering servers running Xen and decide to call the service “XenRegister”.  A reasonable IT consumer could be confused and assume that the XenRegister service is sourced by XenSource and Citrix.  Instead, the ISV could call their service, for example, “VM Registration for the Xen® hypervisor” or “MegaRegister™ for Xen®,” or any other name which is in keeping with the Xen Trademark Policy and does not reasonably confuse an IT consumer as to its source…

Spector said a final version of the policy is coming out for community inspection. We’ll see at that time how much this issue really limits the use of the Xen trademark.

Quest/Provision Networks to support Parallels Virtuozzo in Q3 2008

Patrick Rouse and Ken Davidson, Senior Sales Engineers at Quest, just published a very interesting (but not necessarily unbiased) feature comparison between their own Provision Networks Virtual Access Suite (VAS) connection broker, VMware Virtual Desktop Manager (VDM) and the just-released Citrix XenDesktop.

The matrix reveals that the next version of VAS, 5.11, will be released in Q3 2008 and will provide several new features including:

  • Support for Parallels Virtuozzo
  • Multiple virtual machines boot from a single virtual disk
  • User environment customization
  • Dynamic image compression
  • Media redirection to client codecs (Windows Media and Flash)
  • Universal printer driver for network printers
  • Universal Printer gateway
  • Support for Universal USB and USB scanners

The document also reveals that the VAS 6.0 release is planned for Q4 2008, when it will feature at least a new, scriptable MMC-based console and administrative rights delegation.

Kidaro Managed Workspace is now Microsoft Enterprise Desktop Virtualization, to be integrated in H1 2009

Announcing the completion of the Kidaro acquisition, Shanen Boettcher, General Manager of Windows Product Management, reveals on the corporate blog that Managed Workspace will be called Microsoft Enterprise Desktop Virtualization.

The technology will be integrated into the Microsoft Optimized Desktop Pack (MDOP), where Application Virtualization (formerly SoftGrid) also sits, no earlier than H1 2009.
So both products will be available to those customers who agree to pay for Software Assurance.

There is no mention of how the product will be integrated with other Microsoft solutions like System Center Virtual Machine Manager (SCVMM) or Operations Manager (SCOM), which already manage and monitor the Virtual Server 2005 (and soon the Hyper-V) virtual machines.

In any case, Microsoft's decision to tie Kidaro technologies to MDOP will give VMware (with ACE), Sentillion (with vThere) and MokaFive (with their new Virtual Desktop Solution) a lot of time to gain some more market share.

Benchmarks: VirtualCenter Database Performance for Microsoft SQL Server 2005

VMware published a valuable new 12-page paper describing how VirtualCenter performs when using a Microsoft SQL Server 2005 back-end database, and how it should be configured to achieve optimal performance.

The VirtualCenter database saves performance history for all the managed VMs, which is a pretty intensive I/O activity, so the test methodology measured how well SQL Server 2005 performs in a virtual environment with 100 VMs.

The results are interesting:

[Figure: VirtualCenter database performance results]

The paper also includes some guidelines for correctly sizing the database, making it a must-read.

Download it here