virtualization.info Editors

After releasing a paper about best practices and one about Virtual I/O Server Deployment Examples, IBM Redbook department now releases a foundation book (488 pages) about System p5 POWER virtualization configuration:

This IBM Redbook provides an introduction to Advanced POWER Virtualization on IBM System p5 servers.The Advanced POWER Virtualization feature is a combination of hardware and software that supports and manages the virtual I/O environment on POWER5 and POWER5+ systems.

…

Though the discussion in this IBM Redbook is focused on System p5 hardware and the AIX 5L operating system, the basic concepts extend themselves to the i5/OS and Linux operating systems, as well as the IBM System i5 platform…

Table of Contents

• Chapter 1 – Introduction
• Chapter 2 – Virtualization technologies on System p servers
• Chapter 3 – Setting up the Virtual I/O Server: the basics
• Chapter 4 – Setting up virtual I/O: advanced
• Chapter 5 – System management
• Chapter 6 – Partition Load Manager

Read the whole book at source.

Microsoft answer on recent VMware whitepaper attacking licensing strategy about virtualization arrived quickly, brief and allusive.

Mike Neil, General Manager of Virtualization Strategy at Microsoft, commented the paper to virtualization.info this way:

Microsoft believes the claims made in VMware’s whitepaper contain several inaccuracies and misunderstandings of our current license and use policies, our support policy and our commitment to technology collaboration.

We believe it’s better to resolve VMware’s claims between our two companies so that we can better serve customers and the industry. EMC is a long-time partner of Microsoft. We’ve extended this courtesy to VMware due to our mutual customers and partnership with EMC. We are committed to continuing to collaborate with VMware as we have been doing on regular basis. Consistent with this, Microsoft believes that we will be able to accommodate a mutually agreeable solution between our two companies and clear up any existing misunderstanding with regard to the points raised in the whitepaper.

While suggesting a pacific resolution of this case (which would require a public rectification from VMware), Microsoft is clearly recalling its partner EMC for the unprecedented attack of its virtualization subsidiary.

EMC announced launch of VMware Initial Public Offering (IPO) for this summer and a compromising of Microsoft partnership could lead to a remarkable damage for stock performance. An undesired risk for EMC which is not obtaining Wall Street’s benevolence since a long time.

Update: SWsoft Director of Technology, Ilya Baimetov, decided to take part in this odd competition, extending the endless competition with VMware and indirectly remarking the new partnership with Microsoft.

On his corporate blog he commented the paper defending Microsoft efforts in changing its licensing model, and remembering how VMware itself is very closed on its standards.

With a long paper VMware launches a direct attack against Microsoft on several aspects of its current licensing model for virtualization scenarios.

The paper, available in HTML format for maximum exposure, highlights 7 critical points picturing the Redmond giant as an unfair competitor, trying to oblige customers adopting its virtualization products through limitations to Windows licensing:

• Support for customers
• Prohibitions on running Microsoft virtual machines on 3rd party virtualization software
• De-activation of Microsoft virtual machines on 3rd party virtualization software
• Prohibition of translation or manipulation of Microsoft VMs into other formats
• Licensing restrictions on server virtual machine mobility
• Prohibitions on desktop virtualization
• Closed Windows Virtualization APIs

Some limitations detailed in ths paper are almost unknown, while others have to be verified (for example Microsoft is reporting Windows Virtualization APIs will be publicly disclosed at beta timeframe), and surely is a recommended reading.

VMware is becoming more aggressive on the market and this is the second direct attack launched against Microsoft in few months (first one was about company interoperability deal with XenSource).

These critics comes just few days after Microsoft allowed unlimited SQL Server 2005 virtual instances for customers buying its Enterprise Edition.

VMware published a basic but interesting 19-pages security guide for ESX Server 3.x and VirtualCenter 2.x. It covers hardening of virtual machine, service console, ESX host and VirtualCenter machine:

By introducing a layer of abstraction between the physical hardware and virtualized systems running IT services, virtualization technology provides a powerful means to deliver cost savings via server consolidation as well as increased operational efficiency and flexibility. However, the added functionality introduces a virtualization layer that itself becomes a potential avenue of attack for the virtual services being hosted. Because a single host system can house multiple virtual machines, the security of that host becomes even more important. Any security breach on that system can have a far greater effect on your environment.

Because it is based on a light-weight, kernel optimized for virtualization, VMware ESX Server is less susceptible to viruses and other problems that affect general-purpose operating systems. However, ESX Server is not impervious to attack, and you should take proper measures to harden it, as well as the VMware VirtualCenter management server, against malicious activity or unintended damage. This paper provides recommendations for steps you can take to ensure that your VMware Infrastructure 3 environment is properly secured.

Read the whole paper at source.

One of most requested Microsoft product to be supported in virtual infrastructures is the firewall/proxy ISA Server.

So far the company refused to extend its support policy to it as declared in Knowledge Base article 897614.

Now Microsoft unexpectedly updates another article, 987613, officially declaring support for ISA Server 2006, despite release candidate release notes warning:

ISA Server 2006 has been tested on Microsoft Virtual Server 2005 R2 and is expected to be fully functional. However, deployment of ISA Server on a Virtual Server 2005 R2 environment should be limited to testing purposes only. Specifically, we do not recommend a Virtual Server 2005 R2 production environment where ISA Server 2006 is expected to serve as the network firewall.

While two different support articles are in contradiction, the most updated one (January 30, 2007) is confirming support and should be considered as most reliable.

Thanks to Andrew Dugdell for the news.

Since Workstation 5.0 VMware introduces capability to record a virtual machine activitity in an AVI video. Unfortunately recording codec is proprietary and playback is impossible with common media players on machines where Workstation is not installed.

Now Philip Langdale, a VMware engineer, reveals the video codec used in Workstation is a customized VNC session record and informs MPlayer developers found a way to reverse it.

So now to play a virtual machine movie on a computer without VMware Workstation you’ll just need last version of Mplayer and this codec.

Dell published on its VMware Alliance Center site a 3-minutes video showing how a Microsoft SQL Server virtual machine can be live migrated with VMotion from a blade to another, without service interruption, in a Dell PowerEdge blade server.

The video is very low quality but if you never saw VMotion in action it’s worth to check it.

Thanks to VMTN for the news.

The russian startup Veeam releases second generation of its free graphical file manager for VMware ESX Server: FastSCP 2.0.

This new release introduces:

• Multiple ESX management from a single console
• ESX to ESX direct copy
• Complete File Management & Windows Integration

Download it here.

Virtual appliances concept launched by VMware and quickly embraced by several virtualization vendors (including Microsoft and Virtual Iron) and partners in the industry, brings in notable benefits but currently implies several risks.

One of them is allow virtual appliances to become threat vectors because of slow and complex delivery methods for updated images.

Part of the problem can be addressed developing an industry standardized technology able to simplify and possibly automate distribution of virtual machines from providers public sites to customers infrastructures, in a secure and reliable way.

Enomaly, the virtualization startup developing the open source management console for Xen called Enomalism, is already working on such standard proposal and launched the VMcasting technology:

VMcasting is an automatic virtual machine deployment mechanism based on RSS2.0 whereby virtual machine images are transferred from a server to a client securely delivering files containing a technical specification and virtual disk image.

The concept of VMcasting is based on the similar concept of Podcasting, the popular trend of audio content delivered via an RSS feed presenting a downloadable or streaming file (often an MP3). With VMcasting, a developer publishes an RSS 2.0 feed where each item describes a release of a particular Virtual Machine Image or Virtual Appliance. The items descriptions may contain release notes or other information about what’s new in a particular release. Therefore developers can be easily upgrade or install using a virtual server management system such as Enomalism.

VMcasting has been designed with scalability in mind (it supports single virtual machines definition as well as group of virtual machines) and broad compatibility, supporting virtual images from VMware, Xen (including XenSource and Virtual Iron then), Microsoft, Parallels and QEMU.

Discover details of the technology on the official VMcasting site.

Enomaly has been included in the virtualization.info Virtualization Industry Radar.

Blue Lane, the security provider famous for its innovative inline patching technology, become VMware Technology Alliance Partner and is now preparing to release a security product (probably a special version of its PatchPoint) for VMware ESX Server, as anticipated on the official site.

While Blue Lane interest and focus on virtualization is evident, VMware is expected to unveil security solutions (backup, patching, firewalling, intrusion detection, etc.) at host level for protecting virtual machines since long time, when first papers about the topic have been published (February 2006) and virtualization.info discovered a new product in the work codenamed Integrity (June 2006).

A host-level patching solution is probably the first and most important side benefit customers may obtain from virtualization adoption, which greatly extends its return on investment this way.

A further hint to upcoming BlueLane solution is provided by the company introductory whitepaper Server Security, Patching and Virtualization, which ends with following statement:

PatchPoint is capable of creating a completely trusted domain in which virtual machines can be protected regardless of their state.