virtualization.info Editors

Akimbi is arranging a new webcast for 5th April:

Register now to join Mercury, Akimbi Systems, and our joint customer as we explore how new lab automation technology combined with functional testing tools is changing the way test and quality teams manage their test cycles and processes. As a QA professional, you must attend this one-hour webcast if you can identify with any of the following:

• You wait too long for your test environments to be configured and deployed
• You find it difficult to configure test environments to be “as close as possible to production”
• Reproducing bugs is challenging at best, impossible at worst, and delays the delivery (or compromises the quality) of your software
• Excessive servers, networking equipment and other resources are sprawled throughout the organization – yet you always seem to need more to support all the environments required to complete testing

Attend this Session and Learn:

• How the “automated test bed” will change testing best practices forever, from a customer perspective
• How to create this revolutionary “one-touch” testing using Mercury Quality Center and Akimbi Slingshot
• How this solution can deliver ROI to your organization

Register for it here.

Since years researchers looks for method of discovery when a program is running inside a virtual machine. In a near future this could be even more important if virtualization rootkits will really start to spread.

Since November 2004 virtualization.info posted several articles about this topic:

• How to detect virtual machines softwares
• How an application can detect if is running inside a Microsoft Virtual PC virtual machine
• How an application can detect if is running inside a VMware virtual machine

Today the first methods posted, RedPill and scoopy_do, has been further developed and described in this new whitepaper: Detecting the Presence of Virtual Machines Using the Local Data Table:

The SIDT mechanism as implemented by Tobias Klein [1] and separately by Joanna Rutkowska [2] is a method for detecting the presence of a virtual machine environment. While the test is by no means thorough, it is an effective test for the presence of an emulated CPU environment on a single-processor machine. There are various problems with the implementation, however.
…
Our method is a variant on the SIDT process used by Redpill and scoopy_doo. We use the Local Descriptor Table (LDT) as a signature for virtualization. The LDT provides segmentation for operating privilege changes. It provides the base addresses, access rights, type, length, and usage information for each segment…

Sun Solaris 10 Express 3/06 has been released and it provides nice features for Zones.

Quoting from release notes:

Two new subcommands, move and clone, have been added to the zoneadm command.
Zone move and clone features enable the following operations:

• Relocate a non-global zone from one point on a system to another point on the same system
• Rapidly provision a new non-global zone based on the configuration of an existing zone on the same system

Download Solaris Express 3/06 here.

If you are interested in Solaris (and you would try Zones) you could find interesting my How to install Sun Solaris 10 inside VMware Workstation 5.5.

Since there is a lot of confusion about Solaris 10 I’d like to spend few words detailing differences:

• Solaris 10 is the official Sun release of its operationg system, updated just after consolidating many improvements and considering them stable.
  At today we just have Solaris 10 Update 1 (called Solaris 10 1/06).
• Solaris Express is the development version of Solaris 10, updated quite every month (so 3/06 means Express build for March 2006 ), and marked with a build name (this one for example is Nevada build 33).
  If you are confident with Microsoft technologies it’s what the Redmond giant is calling Customer Technology Preview (CTP) since some months.
• OpenSolaris is a subset of Solaris 10 (and then of Solaris Express), made available as open source, and providing operating system source code, ready to be compiled with Sun Studio 10 (and gcc after some more debugging from Sun engineers).

A little confusing huh? To summarize:

• If a new virtualization feature appears on Solaris Express it’s not to be considered stable and good for production until it’s included in a Solaris 10 Update.
• This virtualization feature could be not released as open source by Sun, so it won’t appear on OpenSolaris.
• Solaris 10 and further Updates are the only kind of Solaris operating system a virtualization platforms like VMware would support.

Fedora Core 5, expected for Monday, has been already released since yesterday and it’s circulating on several mirrors, torrents and so on.
And it’s opening the grand virtualization season of Red Hat, as anticipated in this press release.

Reading from release notes we can see deep integration of Xen:

Virtualization in Fedora Core is based on Xen. Xen 3.0 is integrated within Fedora Core 5 in the installer.
…
The Xen virtualization system has enhanced support. The tools to configure Xen virtual machines on your Fedora Core 5 system now use the standard graphical installation process, run as a window on your desktop. Fedora developers have also created gnome-applet-vm, which provides a simple virtual domains monitor applet, and libvirt, a library providing an API to use Xen virtualization capabilities.

The most important document about this integration is the Installing Xen Guests with Fedora Core 5.

Download FC5 here (while waiting official FTP upload).

The introduction of free virtualization tools Player and Server aren’t just going to change the virtualization market, but the company itself, starting from its sales channel.

At today VMware has a very articulated partnership network, counting Technology, OEM, Distributing, Reselling and Consulting partners.
Putting aside Technology partners, all others will be influenced and possibly invested by the VMware free virtualization strategy.

Resellers will be the first, real suffering part of the channel.

They are now divided in VIP Professional, authorized to sell VMware Workstation, ACE, VMTN, GSX Server and VirtualCenter products, and VIP Enterprise, authorized to sell all products (which translates in selling ESX Server, VirtualCenter and P2V Assistant).

GSX Server is gone for good, replaced by the free Server, and at today isn’t clear if the new product will be supported by VirtualCenter or not.
At the same time Workstation sales will be partially corroded by spread of free Player, hugely boosted up by the recent VMware Challenge.

What VIP Professional will sell then? Workstation, ACE (which is in absolute the less pushed VMware product since ever) and the VMTN subscription.

But, and I speak after an experience of 1 year and a half heading a VMware VIP Professional reseller company in Italy, isn’t a secret that buying Workstation or VMTN subscription by a reseller is quite unpractical for customers: both products can be bought online with immediate availability of registered serial numbers, while buying them through resellers take a whole month (and sometimes even more).
And considering low discounts a VIP Professional is able to apply, is quite unlikely a customer would give up online purchase just to save 10 dollars.
Finally, it’s quite probable VMware will lower resellers discount margin at the Server market launch, to amortize the huge investment done converting GSX Server in a free solution.

So, whatever Server will have or not VirtualCenter support, VIP Professional are doomed to disappear, unable to sustain profits just selling few copies of ACE and a bunch of Workstation and VMTN.

On the other side Enterprise resellers and partially distributors will have soon to face problems as well: their sales, already compromised by direct bundling of VMware products with OEM datacenter hardware (IBM or HP for example), will lower even more when the so called Virtual Infrastructure 2.0 (ESX Server 3.0 + VirtualCenter 2.0) will be out on 2H 2006.

New features this release will offer and the many will follow with new releases, will oblige a customer, new to virtualization and decided to adopt it through ESX Server, to immediately buy certified servers (by IBM or HP for example) and a Storage Attached Network (by IBM or HP for example).

So the more powerful the VMware infrastructure wil become, the more chances OEMs will have to sell products from themselves, mutilating VIP Enterprise partners and distributors businesses.
At the same time Consulting partners will have every day less space, obliged to resell their skilled professionals directly to OEMs, which will be able (and are already able today) to offer a complete bundle to customers.

At a point, and I’m informed it’s already happening, OEMs will give VMware products for free, just to place their hardware on customers datacenters. How others could ever compete?

At the end of the day we should expect a deep crisis in the sales channel unless VMware does one of these 2 things or both:

• remodel the channel to adapt it to the ongoing strategy
• release soon new products to be sold on today’s sales infrastructure

In any case it won’t be easy.

Ready or not virtual infrastructures are a reality. And exactly like physical infrastructures they need security tools to protect traffic through the virtual networking.

To do so you can put a traditional tool (firewall, IDS, IPS) on a virtual machine and act as usual, but there is a big problem: 100% security products are not supported inside virtual machines at today.
So it’s very good to finally see a product born to be deployed in virtual environments.

Quoting from the Reflex Security official announcement:

Reflex Security, a pioneer in network intrusion prevention, today announced Reflex VSA, the industry’s first virtual security appliance for virtualized environments. Reflex VSA allows enterprises deploying virtual computing technology to secure virtualized networks with firewall protection and intrusion prevention.

The patent-pending technology fills the security void left by traditional network security solutions that reside outside of the virtual machine host and are not fully capable of detecting and protecting against breaches inside virtualized resources.
…
Reflex VSA creates a virtualized network security appliance that operates within a virtual network and replicates the operational attributes and interfaces of a physical network security appliance, while supporting the Reflex Security software applications.
…
Features available in the Reflex VSA include:

• Access firewall, providing permission policy enforcement for intra-host and external network communication
• Intrusion Prevention via deep packet inspection and inline blocking/filtering for virtualized networks
• Anomaly, signature, and rate-based threat detection capability to defend against DoS attacks, flood attacks, malicious content, viruses, etc.
• Network Discovery to quietly discover and map all virtual machines and applications running in the virtualized environment
• Network Defender, allowing the ability to remove a virtual machine from a network by communicating with a virtual switch and blocking the port
• Reflex Command Center, providing a centralized configuration and management console, comprehensive reporting tools, and real-time event aggregation and correlation

The Reflex VSA will initially support the VMware ESX server…

Another script from Ben Armstrong.
This time he teaches how to automatically launch virtual machines in a Virtual Server 2005 environment when the host operating system boots up:

Set objVS = CreateObject(“VirtualServer.Application”)
Set objVM = objVS.FindVirtualMachine(“VM Name”)
objVM.RunAsDefinedAccount = True
result = objVM.SetAccountNameAndPassword(“DOMAIN\Username”,”Password”)
objVM.AutoStartAtLaunch = 2

Be sure to read the original post for comments and updates.

VMware always had a strange strategy for GSX Server. They pushed for years the idea GSX Server is something for companies more than professionals (so something more than Workstation), for its web management and API interface features, but much less than ESX Server.

If you look at this official comparison you’ll notice GSX Server underlined as department product (while ESX Server is defined a datacenter product) but VMware never tried to seriously sell it for anything but development and testing.

During years customers figured out and used to think GSX Server is where to try their virtual machines before hosting them on ESX Server. And in fact Microsoft Virtual Server 2005, which should really compete against GSX Server, is always compared against ESX Server, which is quite unresonable.
Even virtualization professionals are mainly skilled on ESX Server and don’t even consider GSX when approaching a new server consolidation product (just read the several thousands of messages on VMTN Forums).

To give further credibility to this way of thinking VMware is now revamping GSX Server, recalling simply Server and giving it for free. A move that can be interpreted in 2 ways:

• GSX Server wasn’t that good so the best move is to give it away to enforce the complex VMware strategy
• VMware is explicitly admitting GSX Server has been always aimed just to push ESX Server

Well, I can personally grant GSX Server has been ready for production environment since, at least, version 3.0: while heading a small consulting company (now no more involved in) I directed the complete server consolidation of a medium business company, working with VMware marketing department to create the first italian case study about GSX.
And I can grant that virtual environment, much more scaled up since the beginning, is still working perfectly since 2 years, never providing bad performances or faults or instability of any kind.

For this reason I completely agree on the Margie Semilof’s article VMware says GSX Server wasn’t fit for prime time. Says who? published on SearchWinIT.com.

It’s unquestionable ESX Server provides a better consolidation ratio and lower virtualization overhead. But saying GSX Server is good just for test and development is simply not true.

Dominic Rivera, author of the much appreciated VMProfessional site for preparing in VMware VCP exam, is working on a FAQ about running VMware ESX Server on a SATA disk subsystem.

SATA disks are unsupported by VMware but using some particular controllers is possible to fool the ESX kernel and workaround the limitation.
One example of this is documented by Richard Garsthagen.

The FAQ is actually a work in progress on VMware VMTN Forums here. Be sure to monitor this page often since Dominic updates the thread and could host his work somewhere else.

PHD Consulting just released a new tool called esXpress.

It’s available in 3 versions: LE, Pro and Enterprise.

The LE version is available for free and offers:

• Complete 100% backups of all your virtual machines every day
• Faster then other virtual backup solutions. Realistic backups speeds from 17 GB an hour to 100 GB an hour
• No local /vmfs or ext3 space is required on the host
• Run multiple backups per day, instead of multiple days per backup
• Backup to Linux, Windows or any other server using FTP
• Each host runs autonomously, not from a centralized host. No single point of failure
• Menu driven, no scripting required
• Simple installation on host server
• Restore FULL backups easily through the PHD Menu, which pulls the backup directly from the backup server
• No Additional local space is required to restore a FULL backup. You only need enough local /vmfs space to recreate the restored FULL VMDK backup
• No software is actually required to restore a FULL backup, it just makes it simpler
• Simple reporting on the backup FTP server. Hosts, Days, VMDK, Space
• Complete integration with our GUI front-end (coming soon)
• 60 Day esXpress Pro Intelligent Delta plug-in demo

As far as I understand after 60 days only the Intelligent Delta plug-in will be disabled granting a complete backup solution for free (if I misunderstood please advice).

Download it here.