Year: 2008

Announced for the first time at VMworld 2007, launched in beta in January, and expected for Q2 2008, the newest automation from VMware, Stage Manager (VSM), entered in the beta 2 phase last week.

The new build (1471) introduces several new capabilities and enhancements like:

• Change history View an annotated history of actions on a configuration.
• Guest customization This feature replaces the VM Personalizer utility.
• Service template Stage Manager administrators can set up and change a default service template, used for creation of new services
• Partial deployment of configurations Deploy portions of a configuration rather than the whole configuration.
• Demote configuration Demote a configuration to any prior stage.

Enroll for the beta program here.

It seems that VMware didn’t just change the name of its flagship product, from ESX Server to just ESX, but also slightly changed the licensing scheme.

Cornel Heijkoop spotted an interesting news about it: the capability to split a 2-CPU VMware Infrastructure 3 license into two 1-CPU licenses (effective since April 1st, 2008).

Note that VMware channel is still obliged to sell VI licenses with a 2-CPU increment, and this change currently affects only the way customers bind the acquired licenses to their hardware.

Why VMware is doing this? The official Q&As clarify that the 2-CPU license minimum requirement was not well accepted by some SMBs.

Unfortunately the current HCL has a very limited number of supported servers with single CPU, so VMware will have to work on this extensively to make VI3 a more appealing offering for SMBs.

KVM, the The open source bare-metal hypervisor included in the Linux kernel, reaches version 65 landing on the IBM s390 mainframe architecture.

Anthony Liguori, one of its contributors (and once Xen developer), reveals that this first version for s390 already supports 64-way virtual machines.

Other major features are in the hypervisor roadmap.

Some of them will provide KVM memory management capabilities that are famous in VMware ESX: the memory balooning (also available in Citrix XenServer) and the page sharing.
Both should appear in this Q2 2008 (memory ballooning in particular is expected with the upcoming Linux kernel 2.6.25.

Download KVM-65 here if you don’t want to wait for the official inclusion in the next kernel build.

While VMware is working on a new set of APIs, VMsafe, which allows 3rd party security products to check the whole virtual infrastructure at hypervisor level, IBM announces that is working on a similar (but much more limited) technology.

Called codename PHANTOM, the new IBM product is an Intrusion Protection System (IPS) coming from the recent acquisition of ISS, which sits inside a virtual machine and, exactly like upcoming VMsafe-ready products, controls the other virtual machines without direct interaction, but throught the hypervisor.

It’s not clear if this product will support VMware ESX though VMsafe or if it will support other hypervisors. IBM doesn’t even provide any release timeframe for it.

Now that VMware is about to offer a unique and revolutionary point of analysis through its upcoming VMsafe APIs, more and more security vendors are expected to join its TAP program.

The popular IDS/IPS provider StillSecure is the last newcomer:

StillSecure, creator of secure network infrastructure solutions, today announced participation in the VMware Technology Alliance Partner (TAP) program. As part of this program, StillSecure will take advantage of the recently released VMware VMsafe technology to bring security to virtualized data center environments. VMsafe enables companies like StillSecure to integrate their solutions — using APIs that are available for VMware ESX Servers — to protect applications running in virtual machines.

Little by little Quest is extending its presence in the virtualization market. After completing the acquisition of Invirtus, Provision Networks and Vizioncore, the company now is focused on releasing virtualization-aware versions of its products.

Quoting from the official announcement:

Quest Software, Inc. today announced the release of Foglight version 5.2, which supports VMware ESX Server. In a rapidly growing and crowded virtualization management market, Foglight has the unique ability to monitor the impact virtualization changes can have on databases, applications and end users, while simultaneously correlating the usage of resources on both physical servers and virtual machines.

…

Along with providing customers increased insight into virtual infrastructures, Foglight delivers a set of capabilities that enable organizations to:

• Contain alarm storms created by the virtual machines and physical servers
• Track virtual machines from one physical server to another
• Show the impact that multiple virtual machines, which share physical resources, have on one another as virtualization policies change
• Receive root-cause diagnostics and expert advice
• Monitor VMotion events that dynamically move virtual machines
• Customize views for IT operations, the data center team and management

More than one year ago virtualization adopters looking for new Microsoft hypervisor, Hyper-V (at that time called codename Viridian), had great expectations because of one groundbreaking new feature in the work: the capability to add new virtual hardware (virtual CPUs, virtual RAM or virtual NICs) on the fly inside running virtual machines.

This feature alone was interesting enough to put some enterprise customers to refrain from jumping on the VMware bandwagon.

Unfortunately, in May 2007 Microsoft announced the drop of hot-add support from its roadmap, postponed to an unannounced date.

At that point was clear that Microsoft competitors could implement that feature earlier than Microsoft itself, since the capability to add new hardware live doesn’t depend on the virtualization platform itself, but rather on the operating system.
This depends on the Dynamic Hardware Partitioning (DHP) technology that Microsoft started to implement in Windows Server 2003 SP1 and which is fully enabled in Windows Server 2008.

And now, as supposed, VMware is the first to introduces the new hot-add support.

The information is hidden in the just published Workstation 6.5 beta 1 feature list:

New virtual hardware version — This new hardware version lets you use the following new features if the guest operating system supports them: Add or remove some virtual devices while the virtual machine is powered on (“hot-plug”). Use LSI Logic SAS (serial attached SCSI) adapters in the virtual machine. 3-D graphics capabilities are enabled by default. Hot-add virtual CPUs and memory to a Windows Server 2008 guest.

So while Microsoft is still struggling to release Hyper-V 1.0 (expected in August 2008) which will not support hot-add, VMware is already near the release time.

The well-known VMware software lifecycle implies that new features are first introduced in VMware Workstation and after a good time are slipped into ESX (formerly ESX Server). So we may not see virtual hardware hot-add support in upcoming ESX 3.5.x releases but ESX 4.0 may have good chances to implement it.

On April 1st, thinking it was a good idea, the guys at virtualization.com published a fool’s joke about the Sun acquisition of Parallels for $205 million.

The news was eventually picked up by Google News and so, despite it was an evident fake (the claimed price is well below any possible estimate) somebody republished the article while others asked for more details to Parallels.

The fake news didn’t impact the stock market luckily, with JAVA shares started at $15.68 and closed at $16.00, but virtualization.com guys may have risked a lawsuit.

What makes this story interesting anyway is the public answer that Parallels took care to publish on the corporate blog.

Despite the article is titled Parallels is not for sale it seems quite the opposite: Ilya Baimetov, Directory of Technology, explains how the claimed price would be too low (which means that Parallels is for sale, it’s just a matter of money as usual), and how Sun is not the best buyer.

Baimetov mentions a couple of obvious virtualization players which could buy Parallels, Microsoft and VMware, along with an unexpected third one: HP.

Besides providing virtualization-ready hardware for VMware and for Citrix, so far HP never showed a clear interest to become a virtualization player.
So why mentioning HP? Why Baimetov didn’t also mention other OEMs like Dell and IBM?

Maybe HP is actively pursuing an acquisition in the hardware virtualization market and Parallels took this opportunity to manifest its availability, or the company is just suggesting HP that its acquisition may be a good idea.

He who has ears to hear…

Update: To discourage the speculation published in this post Baimetov updated his original post and included IBM to the list of meaningful buyers for Parallels.

Second update: It seems that virtualization.com didn’t like much the reactions generated by their own joke. Here it is a follow-up.

The Register published an interesting article last week about the security risks that the upcoming VMsafe APIs may introduce in VMware ESX.

The critical part anyway is a revelation from Mike Poor, Senior Security Analyst at IntelGuardians, claiming to have broken hypervisor’s security layer:

…Poor said his firm received $1.2m from the Department of Homeland Security to look for ways attackers can penetrate hypervisors and ways security researchers can detect and prevent such escapes. Because the two years worth of research is under lock and key, Poor could only say: “We were successful in all three.”…

Obviously this sentence may mean everything, but it seems to imply that IntelGuardians was able to escape the guest OS isolation and jump directly onto the hypervisor, which is the biggest risk in virtualization environments.

Since there is no way to validate the Poor’s claim we’ll have to wait for another security firm to publicly disclose the breach.

Almost silently the US startup Qumranet, famous for supporting the KVM development, accomplished a remarkable achievement: releasing para-virtualization network drivers for Windows guest OSes.

The drivers are available for Windows 2000 and XP (signed versions) as well as for Windows 2003 (unsigned version), are for 32bit systems only, and can be used with KVM-61 or later.

Using dedicated para-virtualization drivers, guest OSes can often improve performance as also VMware confirmed.

Haydn Solomon, the Qumranet developer who published the news, provides a step-by-step installation guide just in case it’s needed.

Download the drivers here.