VMware ESX Server performance comparison on AMD and Intel servers

Tom’s Hardware just published a wonderful 19-page analysis of how VMware ESX Server 2.5.2 performs on four servers from HP, Dell and Tyan, with AMD Opteron and Intel Xeon CPUs:

Our primary goals in this article are to shed some light on the performance differences between the current AMD and Intel platforms in a heavily multithreaded server environment, and to see how well the platforms scale. Since the systems we used were on loan from a local dealer we had limited time for testing, and could not test every type of application. One application we did look at is ESX Server; this is an important topic these days, as VMware’s operating system can bring any server to its knees if you run many logical servers on it as virtual machines.

Read the whole must-read article at source.

Expect another Virtual Server from Microsoft before Windows Hypervisor

Bink.nu just published a tentative roadmap of what Microsoft is going to release in 2006.

Among the products listed, a new major Virtual Server release appears: Virtual Server vNext 2006.

I already reported the information without mentioning this name in my September post:
Microsoft virtualization roadmap disclosed details

Microsoft reported that this new version could bring hot backup of VMs based on Volume Shadow Service (VSS) support.
It’s also possible it will include a better virtual video driver to fully support Aero, the new GUI of the upcoming Vista.
It’s unclear, however, whether the new version will bring 64-bit guest OSes or not.
No further news is available.

Note that Steven Bink reports Windows Hypervisor is scheduled for 90 days after the release of the server codenamed Longhorn Server.

FreeBSD network monitor with VMware Workstation

Richard Bejtlich, a well-known security expert, published an insight on how to set up a FreeBSD network sensor for traffic sniffing:

Several of you have asked about my experiences using FreeBSD sensors inside VMware Workstation. I use VMs in my Network Security Operations class. I especially use VMs on the final day of training, when each team in the class gets access to a VM attack host, a VM target, a VM sensor, and a VM to be monitored defensively. As currently configured, each host has at least one NIC bridged to the network. The sensor VMs have a second interface with no IP also bridged to the network. When any VM takes action against another, the sensors see it. This scenario does not describe how a VM sensor might watch traffic from a tap, however.

I decided to document how to use VMware to create a sensor that sniffs traffic from a tap. I outline two scenarios. The first uses a port aggregator tap with a single interface out to a sensor. The second uses a traditional tap with two interfaces out to a sensor.

Read more at source.

Note that performance could be slightly worse than on a physical box, so you should test the solution before adopting it in production.
I would also perform a packet count on both physical and virtual machines during the wiretap.
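
An added example, not from the original post or from Richard Bejtlich's write-up: one way to run the packet count suggested above is to capture the same tap traffic on the physical sensor and on the VM sensor, then compare the two classic libpcap files. The function names and the sample captures are constructed for illustration.

```python
import struct

# Classic libpcap magics (microsecond and nanosecond), as seen when the first
# four bytes are decoded little-endian, mapped to the file's byte order.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}


def count_packets(pcap_bytes):
    """Return (packet_count, captured_bytes) for a classic libpcap capture."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    endian = MAGICS.get(struct.unpack("<I", pcap_bytes[:4])[0])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    offset, packets, total = 24, 0, 0
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_frac, incl_len, orig_len
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])[2]
        offset += 16
        if offset + incl_len > len(pcap_bytes):
            break  # capture ended mid-record: do not count the partial packet
        offset += incl_len
        packets += 1
        total += incl_len
    return packets, total


def compare_sensors(physical_pcap, virtual_pcap):
    """Compare captures of the same traffic taken on a physical and a VM sensor."""
    phys = count_packets(physical_pcap)[0]
    virt = count_packets(virtual_pcap)[0]
    missed = phys - virt
    loss_pct = round(100.0 * missed / phys, 2) if phys else 0.0
    return {"physical": phys, "virtual": virt, "missed": missed, "loss_pct": loss_pct}


def build_pcap(frames, endian="<"):
    """Build a capture in memory (constructed sample data, Ethernet link type)."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack(endian + "IIII", i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: 20 identical 60-byte frames; the VM sensor missed one.
FRAMES = [bytes(60)] * 20
PHYSICAL = build_pcap(FRAMES)
VIRTUAL = build_pcap(FRAMES[:-1], endian=">")

if __name__ == "__main__":
    print(compare_sensors(PHYSICAL, VIRTUAL))
```

A non-zero `missed` value on identical traffic means the VM sensor is dropping packets and the capture cannot be treated as complete evidence.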

Release: QEMU 0.8.0 released!

Another important release today: QEMU 0.8.0.
This new version brings in many wanted features:

  • Support for ARM Integrator/CP board system emulation
  • Support for MIPS R4K system emulation
  • Initial SMP support on x86 (up to 255 CPUs!)
  • Many new audio emulation features
  • Initial USB support
  • New networking options for VLAN support between several QEMU instances

The full changelog is here. The bits are here.

Major security vulnerability found in VMware products

A new major security issue was found and communicated to VMware before being posted on SecurityFocus (as ethical bug hunting should always be done).

The flaw permits a malicious guest OS configured to use VMware NAT networking (VMnet8) to execute arbitrary code on the host OS.
The affected VMware products are Workstation 5.5, GSX Server 3.2, ACE 1.0.1 and Player 1.0.0.

To track the issue, monitor the related VMware Knowledge Base article.

While VMware Player has just been released as 1.0.1 to fix the vulnerability, VMware is still expected to release updated bits for Workstation, GSX and ACE.

Meanwhile, you should disable the VMware NAT networking device as explained in this VMware Knowledge Base article.
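
Until fixed builds are installed, it helps to know which guests are attached to the NAT network at all. The following is an added example, not from the original post or from VMware: it scans `.vmx` text for present adapters whose `ethernetN.connectionType` is `nat`, or `custom` with `ethernetN.vnet` pointing at VMnet8. Treating a missing `connectionType` as bridged and VMnet8 as the NAT network are assumptions, and the sample configuration is constructed.

```python
import re

# Matches lines such as: ethernet0.connectionType = "nat"
LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)


def nat_adapters(vmx_text):
    """Return the sorted names of present adapters attached to NAT (VMnet8)."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            name, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            adapters.setdefault(name, {})[key] = value.strip().lower()
    hits = []
    for name, cfg in adapters.items():
        if cfg.get("present", "false") != "true":
            continue  # adapter is defined but not connected to the guest
        ctype = cfg.get("connectiontype", "bridged")  # assumed default
        vnet = cfg.get("vnet", "")
        # "custom" adapters name their network explicitly (VMnet8 or /dev/vmnet8)
        if ctype == "nat" or (ctype == "custom" and vnet.endswith("vmnet8")):
            hits.append(name)
    return sorted(hits)


# Constructed sample configuration, not taken from a real guest.
SAMPLE_VMX = '''
displayName = "lab-guest"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet8"
ethernet3.present = "FALSE"
ethernet3.connectionType = "nat"
'''

if __name__ == "__main__":
    print(nat_adapters(SAMPLE_VMX))
```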

Update: All affected products are now updated:

  • Workstation 5.5.1 (b19175)
  • GSX Server 3.2.1 (b19281)
  • ACE 1.0.2 (b19206)

All of them are available for download here.

Release: VMware Player 1.0.1 released!

Just 9 days after the 1.0 release, VMware has already updated its Player product.

The new build (19317) addresses a major security issue discovered and communicated to VMware before being posted on SecurityFocus (as ethical bug hunting should always be done).
The flaw permits a malicious guest OS configured to use VMware NAT networking (VMnet8) to execute arbitrary code on the host OS.
To track the issue, monitor the related VMware Knowledge Base article.

Download Player 1.0.1 here as usual.

Thanks to Rich for the important news!

Release: PearPC 0.4 released!

PearPC is the emulator for Apple MacOS on PowerPC, running on x86 architectures. After more than a whole year of silent development, the PearPC project has reached version 0.4:

It took a while but here is finally the long awaited 0.4.0 release. This is the first release with G4 support by Daniel Foesch (you have to enable it in your config). Other features include support for native CD-ROMs (no need for images) and endianness safety (i.e. you can run PearPC on big-endian systems).

Changelog is here. The bits are here.