Now and Xen

Quoting from Linux Magazine:


How would you like to run several operating systems at once on the same physical hardware with virtually no performance overhead — and for free? That’s the promise and the purpose of Xen, a relatively new open source project that turns one piece of hardware into many, virtually. If you’re looking to cut costs or maximize usage or both, follow the path to Xen.

Hardware virtualization allows multiple operating systems to run simultaneously on the same hardware. With such a system, many servers can run on the same physical host, providing more cost-effective use of valuable resources, including CPU, power, and space. Additionally, separate instances of one or more operating systems can be isolated from each other, providing an additional degree of security and easier management of system-wide resources like configuration files and library versions.

Up until now, there have been no open source solutions for efficient, low-level virtualization of operating systems. But now there’s Xen, a virtual machine manager (VMM) developed at the University of Cambridge.

Xen uses a technique called paravirtualization, where the operating system that is to be virtualized is modified, but the applications run unmodified. Paravirtualization achieves unparalleled performance, while still supporting existing application binaries.

At the moment, Xen supports a slightly modified Linux 2.4 kernel and NetBSD, with full support of OpenBSD coming in a few months. Xen even supports an experimental version of Windows XP (however, XP cannot be distributed, except to those who’ve signed Microsoft’s academic license), and ports of Linux 2.6 and Plan 9 are in development.

Xen 1.0 has been publicly available for just over a year, and Xen 2.0 will be released shortly after you read this. This article discusses the benefits of hardware virtualization, explains why Xen was built in the first place, and previews some of the exciting, new features available in 2.0.

What is Xen?

Think of Xen as a next generation BIOS: Xen is a minimally invasive manager that shares physical resources (such as memory, CPU, network, and disks) among a set of operating systems. Effectively, Xen is transparent, as each operating system believes it has full control of its own physical machine. In fact, each operating system can be managed completely independent of one another.

Moreover, Xen divides resources very rigidly: it’s impossible for a misbehaving guest (an operating system that runs on a Xen host) to deny service to other guests. Simultaneous yet discrete operation is incredibly valuable.

For example, consider the problems inherent with hosting a set of services for different user groups. Perhaps you’re an application service provider, selling rack mount web server accounts. Or, perhaps you want to install a set of dissimilar services on the same physical host, but want to avoid the overhead of trying to get system-wide configuration files to play nicely with all of them. Xen allows the installation of many operating system instances on the same host.

Xen is also useful in factoring servers for enterprise administration. The database administrator and web administrator may have entirely separate OS configurations, root shells, and so on, while sharing common physical hardware.

Virtualization has applications for home users, too. For example, consider the benefit of application sandboxing: applications that are at risk for attack by worms or viruses (think web browsers and email clients) can be run within a completely separate virtual machine. If, for whatever reason, one sandbox becomes infected, it can simply be destroyed and recreated, leaving the rest of the system untouched. The same applies for downloading applications off of the Internet that you don’t necessarily trust, like games or file sharing tools — just run them in a separate, isolated, OS instance.

Unlike User Mode Linux (UML, see http://www.linux-mag.com/2004-01/uml_01.html) and Bochs (see http://www.linux-mag.com/2003-10/guru_01.html), Xen provides excellent performance. Unlike virtual servers, Xen provides real low-level resource isolation, preventing individual operating system instances from interfering with the performance of others. And unlike commercial virtualization packages, Xen is free.

Paravirtualization

Many other existing packages for virtualization do what’s often referred to as pure virtualization. In pure virtualization, the virtualization layer presents an exact replica of the underlying physical hardware to the operating systems that run above it. Many CPUs make such a form of virtualization very easy, in some cases even providing specific support for it.

One big benefit of pure virtualization is that the operating system software need not be modified to run, because it sees the illusion of raw hardware. Unfortunately, x86 processors do not provide specific support for virtualization. More specifically, they don’t virtualize very well at all. (To understand why pure virtualization is so inefficient, see the sidebar “Why Pure Virtualization is Bad.”)

———————————————–
Sidebar: Why Pure Virtualization is Bad

Xen’s approach to virtualization is called paravirtualization: the interfaces presented to the operating system are not those of the raw physical devices. While paravirtualization enhances performance, it comes at a cost: operating system code must be modified before it can run on Xen. In essence, Xen is a new architecture, slightly different from x86, that operating systems must be ported to.

There are three crucial problems with purely virtualizing the x86 architecture, and all are very difficult to address, as solutions are bound to introduce a severe performance overhead.

– PAGE TABLES
Memory management is quite tricky to virtualize effectively. The virtual machine manager often provides the guest with a shadow page table, which appears to be a set of physically contiguous memory, and then remaps all accesses to this page table behind the scenes (at considerable cost).

Xen’s approach is to let the OS know what pages of memory it really has (machine addresses) and then allow a mapping onto a contiguous range (pseudo-physical addresses). This means that the OS can have raw access to its page table, with Xen being involved only to validate updates for safety (specifically, to prevent one OS from attempting to map memory that doesn’t belong to it).

– PRIVILEGED INSTRUCTIONS
Certain instructions on x86 (pushf, for instance) only result in a trap when run in supervisor mode (CPU ring zero, where the operating system normally lives). However, when virtualized, the operating system no longer runs at the appropriate level, and these instructions no longer result in traps.

In full virtualization this is commonly addressed with a technique called code scanning: the virtual machine manager examines the executing binary and redirects these calls. But since this run-time scanning can be very expensive, Xen does it beforehand. One of the tasks involved in porting an OS to Xen is to replace privileged instructions with the appropriate calls.

– I/O DEVICES
Sharing I/O devices such as network cards with pure virtualization means that the device driver in the guest OS must be able to interact with what it thinks is the raw physical device.

Rather than providing support for a virtualized version of every possible peripheral device, one approach is to map all underlying devices to the illusion of a single common one. This means that as long as the operating system running on top has support for that device, it will run without problems. Unfortunately, this also means that the system ends up running two device drivers for each device. In the case of network interfaces, extra device drivers typically mean extra copies, and so result in a per-byte overhead on each packet sent and received.

The paravirtualization approach to this problem is to provide the guest with a single idealized driver for each class of device. In the case of network interfaces, the guest OS driver interacts with a pair of buffers that allow messages to be sent and received without incurring an extra copy as they pass to Xen.

Solving these problems for pure virtualization is hard work, and several other software projects have made heroic efforts to reduce the associated performance costs.

In designing Xen, the software’s development team came to the conclusion that these just weren’t the right problems to solve. Paravirtualization seems to work quite a bit better, despite the one-time effort of porting an OS. And that cost is actually slight: the original port of Linux to run on Xen involved changing or adding about three thousand lines of source code, representing about 1.5 percent of the total Linux source. Moreover, about half of the changes are in the code for the new device drivers.
———————————————–

With Xen, most of the changes required to paravirtualize an existing OS are in the architecture-specific part of the operating system code. (The Linux 2.6 for Xen effort aims to further isolate the code in hopes that Xen will be included as a separate architecture within the 2.7 kernels.)

The paravirtualization of device drivers (described in the “Why Pure Virtualization is Bad” sidebar) adds another benefit: device drivers only need to be implemented once for all operating systems. Any guest can use any driver that’s supported by Xen.

Xen’s Latest Tricks

The initial release of Xen focused largely on making virtualization work and providing hard performance isolation between guest operating systems. In the year since getting isolation to work, many new features have been added that really demonstrate the benefits of virtualization.

– IMPROVED RELIABILITY
Because Xen strictly isolates operating system instances, system reliability is enhanced.

Device drivers are commonly seen as a major source of instability. As drivers run in the kernel, driver bugs have a tendency to run amok, corrupting system memory and causing crashes.

In the original release of Xen, device drivers ran within Xen itself, exporting a common interface to all guests regardless of the specific device they were using. This simplified device support in the guest, but was ultimately a bad decision, because a driver crash could potentially crash Xen itself, just like in a non-virtualized OS.

In Xen 2.0, the Xen developers attacked this problem head-on, moving drivers up into their own guest OS domains. Drivers now run in an isolated virtual machine in the same way that a guest operating system does, yet drivers remain shared between guests as before. When a new domain is configured, the administrator chooses its hardware. Examining a hardware bus from within a guest only reveals the devices that have been exported to it.

The performance of placing device drivers in a completely separate OS instance is surprisingly good. Xen 2.0 includes specific mechanisms for the page-flipping that was used to transfer network data in the original release of Xen. Guests can share and exchange pages at very low overhead, and Xen carefully tracks page ownership to ensure stability in the case of a crashing or misbehaving guest.

The additional cost to consider is context switch times, because now both the driver and the guest must be scheduled before an inbound packet or disk block is received. Fortunately, due to the bulk nature of both of these types of devices, drivers are largely able to batch requests, resulting in minimal performance degradation.

Xen can still allow raw device access to guests that need it by making the hardware visible to a guest. This is suitable for devices that are generally used by a single domain, such as video and sound, with one caveat: allowing device DMA access to guests is very dangerous. On the x86, DMA has unchecked access to physical memory, and so an erroneous (or malicious) target address can result in the overwriting of arbitrary system memory. Hopefully, newer I/O MMU support in emerging hardware can help address this particular issue, as it’s a major problem in existing systems.

In the common case though, where raw device access isn’t needed, driver isolation adds plenty to reliability. As an added benefit, driver crashes may be corrected in a running system. A privileged guest in Xen can be configured to monitor the health of each driver. Should the driver become unresponsive, crash, or attempt to consume excessive resources, it can be killed and restarted. Fault-injection experiments have shown that restarts are very fast, on the order of a hundred microseconds. A network card can crash and be restarted almost unnoticed as a transfer is in progress.

Finally, there are commonly large differences between drivers for the same device on different operating systems. A Linux driver may expose hardware features that are missing from its Windows counterpart, or a Windows driver may exist where Linux simply isn’t supported. Such disparities are largely due to organization: driver support for a specific platform needs an interested community of users to demand it, and considerable OS expertise to develop it.

Virtualization puts an interesting twist on the age-old problem of driver support. Hardware drivers can be written once, using whatever OS they choose. Xen’s current, sample drivers are Linux drivers running on a cut-down Linux kernel. With those in place, all that’s left to do is write the idealized drivers for each guest OS to interface with the top of the hardware driver.

– SUSPEND AND RESUME
Encapsulating application and OS state within a managed virtual machine allows for a range of exciting system services. One of the most useful of these is the ability to suspend a virtual machine and resume it at another time or in another place.

For example, a complex application can be configured in isolation from the rest of the system and within its own OS instance, and can then be “canned” so that a fresh copy of the application can be quickly instantiated whenever necessary.

Suspending a VM requires Xen to store its configuration and execution context to a file. Configuration details include parameters such as CPU allocation, network connections, and disk-access privileges, while execution context contains memory pages and CPU and register states.

Although resuming a virtual machine is largely a matter of reinstating its configuration and reloading its execution context, it’s somewhat complicated by the fact that the newly-resumed virtual machine will be allocated a different set of physical memory pages. Since Xen doesn’t provide full memory virtualization, each guest OS is aware of the physical address of each page that it owns. Resuming a virtual machine therefore requires Xen to rewrite the page tables of each process, and rewrite any other OS data structures that happen to contain physical addresses. This task is relatively simple for XenLinux, as most parts of the OS use a pseudo-physical memory layout, which is translated to real physical addresses only for page-table accesses.

– LIVE MIGRATION
Virtual machine migration can be thought of as a special form of suspend/resume, in which the state file is immediately transferred and resumed on a different target machine. Migration is particularly attractive in the data center, where it allows the current workload to be balanced dynamically across available rack space.

However, although Xen’s suspend/resume mechanism is very efficient, it may not be suitable for migrating latency-sensitive or high-availability applications. This is because the virtual machine cannot resume execution until its state file has been transferred to the target system, and this delay is largely determined by its memory size: a complex VM with a large memory allocation takes a correspondingly long time to transfer.

To avoid prolonged downtimes, Xen provides a migration engine that transfers a VM’s configuration information and memory image while the VM is still executing. The goal of the migration engine is to stop execution of the VM only while its (relatively tiny) register state is transferred. The “fly in the ointment” is that this can lead to an inconsistent memory image at the target machine if the VM modifies a memory location after it’s been copied. Xen avoids these inconsistencies by detecting when a memory page is updated after it is copied, and retransferring that page.

To do this without requiring OS modifications, Xen installs a shadow page table beneath the VM. In this mode of operation, the guest’s page table is no longer registered with the MMU. Instead, regions of the guest page table are translated and copied into the shadow table on demand.

Shadow page tables are not new: they are used in fully-virtualizing machine monitors such as VMware’s products to translate between a guest’s view of a contiguous physical memory space and the reality that its memory pages are scattered across the real physical memory space.

Shadow page tables are not used by the migration engine for full translation, but for dirty logging. The page mappings in the shadow table are therefore identical to those in the guest table, except for pages that the migration engine has transferred to the target system. Transferred pages are always converted to read-only access when their mappings are copied into the shadow table, and any attempt to update such a page causes a page fault. When Xen observes a write-access fault on a transferred page, it marks the page as “dirtied,” which informs the migration engine to schedule another transfer. Writable mappings of the page are again permitted until the page is retransferred (and again marked read-only).

Future Work

Xen is still in active development. In fact, by the time you read this article, there will likely be many new features available. Here is just a small sample of what you can look forward to:

– FINE-GRAINED RESOURCE ACCOUNTING
One of the next releases of Xen will provide a real-time account of all the resources used by each active OS. This allows each guest OS to be charged for resources consumed and can also be used to establish consumption limits.

– XENOSERVERS
Xenoservers is a project to globally distribute a set of Xen-based hosts. The intent is to deploy Xen on a broad set of hosts across the Internet as a platform for global service deployment. (More information is available on the XenoServers web site at http://www.xenoserver.org)

Getting Xen

Xen and XenoLinux are available as a single ISO image that can be downloaded and burned to CD. The CD is bootable, so you can bring up a demo without modifying your system simply by booting off the Xen CD.

The ISO image is available from Sourceforge and via BitTorrent. See the Xen download page at http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads.html for links.

The Xen development team continues to develop new features for Xen and is always looking for enthusiastic people to join the project. If you’d like to participate, drop us a line!
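
The dirty-logging scheme described under LIVE MIGRATION above, as an added example that is not part of the quoted Linux Magazine article and is not Xen's code: a toy C model in which transferred pages are write-protected, a write fault logs the page as dirty, and dirty pages are retransferred until the guest is paused. The page count, guest workload, round cap and stop threshold are assumptions made for the illustration; the same migration is also run without the log to show the inconsistent image the article warns about.

```c
/* Added example: toy model of live migration with dirty logging.
 * Sizes, names and the guest workload are constructed for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES    8   /* constructed toy guest */
#define PAGE_SIZE 16

struct vm {
    uint8_t mem[NPAGES][PAGE_SIZE]; /* guest memory on the source host    */
    bool    writable[NPAGES];       /* write bit in the shadow page table */
    bool    dirty[NPAGES];          /* dirty log: page must be (re)sent   */
    bool    logging;                /* false = naive copy without the log */
    int     write_faults;           /* faults taken on transferred pages  */
};

struct stats {
    int  live_rounds, pages_sent, sent_while_paused, write_faults;
    bool consistent;                /* target image equals source image   */
};

/* Guest store. A write to a transferred (read-only) page faults into the
 * hypervisor, which logs the page as dirty and re-enables write access. */
static void guest_write(struct vm *vm, int page, int off, uint8_t val)
{
    if (!vm->writable[page]) {
        vm->write_faults++;
        vm->dirty[page] = true;
        vm->writable[page] = true;
    }
    vm->mem[page][off] = val;
}

/* Constructed workload: page 3 is hot in every round, pages 5 and 6 are
 * touched once each, then the guest settles down. */
static void guest_run(struct vm *vm, int round)
{
    guest_write(vm, 3, 0, (uint8_t)(0xA0 + round));
    guest_write(vm, 3, 2, (uint8_t)(0xC0 + round)); /* same page: no new fault */
    if (round < 3)
        guest_write(vm, 4 + round, 1, (uint8_t)(0xB0 + round));
}

static int count_dirty(const struct vm *vm)
{
    int n = 0;
    for (int p = 0; p < NPAGES; p++)
        n += vm->dirty[p];
    return n;
}

/* Copy every dirty page to the target, clear its log entry and, when dirty
 * logging is on, write-protect it in the shadow table. */
static int transfer_round(struct vm *vm, uint8_t target[NPAGES][PAGE_SIZE])
{
    int sent = 0;
    for (int p = 0; p < NPAGES; p++) {
        if (!vm->dirty[p])
            continue;
        memcpy(target[p], vm->mem[p], PAGE_SIZE);
        vm->dirty[p] = false;
        vm->writable[p] = !vm->logging;
        sent++;
    }
    return sent;
}

/* Copy while the guest runs until at most `threshold` pages are dirty or
 * `max_rounds` is reached (both assumptions), then pause and finish. */
struct stats run_migration(bool logging, int max_rounds, int threshold)
{
    struct vm vm = { .logging = logging };
    uint8_t target[NPAGES][PAGE_SIZE] = {{0}};
    struct stats st = {0};

    for (int p = 0; p < NPAGES; p++) {
        for (int i = 0; i < PAGE_SIZE; i++)
            vm.mem[p][i] = (uint8_t)(p * PAGE_SIZE + i);
        vm.writable[p] = true;
        vm.dirty[p] = true;               /* first round sends everything */
    }
    while (st.live_rounds < max_rounds) {
        st.pages_sent += transfer_round(&vm, target);
        st.live_rounds++;
        guest_run(&vm, st.live_rounds);   /* guest keeps executing */
        if (count_dirty(&vm) <= threshold)
            break;
    }
    /* Guest is paused from here on: no more writes, so this copy is final. */
    st.sent_while_paused = transfer_round(&vm, target);
    st.pages_sent += st.sent_while_paused;
    st.write_faults = vm.write_faults;
    st.consistent = memcmp(vm.mem, target, sizeof target) == 0;
    return st;
}

int main(void)
{
    struct stats on = run_migration(true, 10, 1);
    struct stats off = run_migration(false, 10, 1);
    printf("logging on : rounds=%d sent=%d paused=%d faults=%d consistent=%d\n",
           on.live_rounds, on.pages_sent, on.sent_while_paused,
           on.write_faults, on.consistent);
    printf("logging off: rounds=%d sent=%d consistent=%d\n",
           off.live_rounds, off.pages_sent, off.consistent);
    return 0;
}
```
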

HP webinar: Virtual Machine Management Pack

HP is delivering a live Webinar on January 14, 2005 on Virtual Machine Management. Here’s the description from HP: “Learn the advantages of virtual machine technology and understand how the Virtual Machine Management Pack allows you to manage and control the VMWare and Microsoft Virtual Server resources in your environment.”

To register, go to http://www.hpbroadband.com/program.cfm?key=Q91MTB88Y

Thanks to Megan Davis for this information.

VMware celebrates seven years of continual innovation and execution

Quoting from official announcement:


VMware, Inc., the global leader in virtual infrastructure software for industry-standard systems, today [5th January] celebrated its seven-year anniversary, commemorating seven years of continual innovation and execution.

VMware was founded in January, 1998 to bring mainframe-class virtual machine technology to industry-standard computers. In 1999, VMware delivered its first product for the desktop, VMware Workstation. VMware Workstation has revolutionized software development by making it possible to develop faster, test more comprehensively and deploy even the most complex enterprise applications in virtual machines. The product is now a de-facto standard for development with more than 2.5 million users.

VMware entered the server market in 2001 with VMware ESX Server and VMware GSX Server. ESX Server and GSX Server are virtual infrastructure software products for partitioning, consolidating and managing computing resources. The products have been adopted by thousands of IT organizations worldwide and have saved customers hundreds of millions of dollars in costs through providing server consolidation, fast provisioning and disaster recovery.

In 2003, VMware introduced 2-Way VMware Virtual SMP (symmetric multiprocessing) that allows virtual machines to span two physical processors, making virtual machines ideal for resource-intensive enterprise applications.

Also in 2003, VMware launched VMware VirtualCenter with groundbreaking VMotion technology, and the company firmly established itself as the thought leader in the fast-growing virtual infrastructure marketplace. VirtualCenter is virtual infrastructure management software that provides a central point of control for virtual computing resources. Using VMotion technology, virtual machines can be migrated while running, allowing for dynamic load balancing and zero-downtime maintenance.

In 2004, VMware delivered the VMware Virtual Infrastructure Software Developer Kit that provides standards-based interfaces that enable ISVs, partners and customers to control VMware virtual infrastructure and to integrate virtual infrastructure deployments into existing management frameworks.

VMware delivered support for 64-bit computing in 2004, once again extending virtualization capabilities for industry-standard platforms. VMware also announced it would deliver 4-Way VMware Virtual SMP, making it possible to extend the benefits of virtual infrastructure to the most demanding enterprise workloads.

Also in 2004, VMware introduced a breakthrough new enterprise desktop management and security product, VMware ACE. VMware ACE is targeted at the problems of contractor, telecommuter and mobile laptop management and enables IT managers to provision secure, standardized PC environments throughout the extended enterprise. With the introduction of VMware ACE, VMware again demonstrated its relentless innovation and aggressive technology leadership.

“In just seven years, VMware has successfully created a new category of software, virtual infrastructure, and is poised to extend our leadership position in this market,” said Diane Greene, president of VMware. “We are an organization that thrives on consistently bringing innovative ideas to market in highly robust and high value products.”

VMware firsts include:

– First to demonstrate the value of virtualization on commoditized platforms
– First to virtualize the x86 architecture (VMware Workstation)
– First to deliver a hosted virtual machine monitor; the hosted architecture integrates a virtual monitor with an existing operating system (VMware Workstation)
– First to enable transparent memory sharing of virtual machines on a commoditized platform (VMware ESX Server)
– First to handle a modern I/O subsystem in a virtualized x86-based system (VMware ESX Server)
– First to enable a single virtual machine to span multiple physical processors on an x86-based system (VMware ESX Server)
– First operating system to support 64-bit extensions on an x86-based system (VMware ESX Server)
– First to enable a running virtual machine to move across physical boundaries (VMware VMotion)
– First to enable automatic conversion of a physical x86-based environment, including the operating system and applications, into a virtual environment (VMware P2V Assistant)
– First to deliver comprehensive Virtual Rights Management technology (VMware ACE)

VMware’s comprehensive virtual infrastructure solutions for enterprise desktops, servers and development and test groups solve the hard problems of efficiency, flexibility and security and provide an easy on-ramp to next generation computing models.

Key facts about VMware:

– VMware is the world’s #1 provider of virtual infrastructure
– VMware is one of the fastest growing $100 million+ software companies
– VMware is relied upon by more than 80 percent of the FORTUNE 100 and leading organizations worldwide
– VMware has a partner ecosystem that covers all leading processor, infrastructure and management vendors and includes more than 1,000 global and regional resellers, the top major x86 system OEMs and more than 50 technology partners
– VMware virtual infrastructure products continued to be recognized for excellence with major awards from the industry’s leading publications

Happy Birthday VMware!

eWEEK names VMware VirtualCenter a top product of 2004

Quoting from official announcement:


VMware, Inc., the global leader in virtual infrastructure software for industry-standard systems, today announced that eWEEK has named VMware VirtualCenter a Top Product of 2004. The award is the third major industry accolade VirtualCenter has received since its introduction in November 2003. Past industry recognition includes the CNET Most Promising Technology of the Year award and the Windows IT Pro Best New Product award.

“We are honored to be identified by one of the industry’s most respected publications for our ongoing commitment to innovation and excellence,” said Karthik Rau, director of product management for VMware. “The past year we saw virtual infrastructure mature and become the de-facto standard among leading enterprise IT departments for making the data center scalable and manageable. It is exciting for VirtualCenter to be singled out for its strategic value to our customers.”

Used by thousands of IT organizations worldwide, VMware VirtualCenter is virtual infrastructure management software that provides a central and secure point of control for virtual computing resources. VirtualCenter creates a more responsive data center, enabling faster reconfiguration and reallocation of applications and services. VirtualCenter allows for instant provisioning of servers and decreases user-downtime while optimizing the data center.

VirtualCenter provides a powerful way to connect IT to business needs. With VirtualCenter, IT infrastructure becomes more flexible, efficient and responsive. VirtualCenter uniquely leverages virtual computing, storage and networking to improve data center management and reduce cost. Together with VMotion technology, virtual machines can be migrated while running for dynamic load balancing and zero-downtime maintenance.

“eWEEK Labs was especially impressed with VMware’s unique VMotion technology,” commented Francis Chu, technical analyst at eWEEK Labs. “VMotion allows IT managers to run critical applications on virtual machines that can be changed on the fly, so there is almost no downtime when moving virtual machine files from one host to another.”
VMware VirtualCenter received the eWEEK Labs excellent ratings for its usability, manageability and scalability.

Whitepaper: Installing a virtual honeywall using VMware

Diego González Gómez produced this interesting paper on the first day of the year. It is really worth reading, since it seems to be the first virtualization news of 2005:


The Honeywall CDROM is a bootable CD with a set of open source tools configured by the Honeynet Project to make the implementation of a GenII Honeynet Gateway easier. Using this document as an installation guide, we are going to implement the Honeywall using the commercial software, VMware. This document makes a few assumptions; one of them is that you have read and understood the papers Know Your Enemy: Virtual Honeynets, Know Your Enemy: Learning with VMware, Know Your Enemy: Honeywall CDROM.

VMware is virtualization software that allows the running of multiple operating systems at the same time on Intel x86 architectures. It was and is developed by VMware Inc. and it has three product lines, namely Workstation, GSX, and ESX. We will be using Workstation. You can download a free evaluation version here.

Several tools included in the CD are only available for GNU/Linux platforms. One of the advantages of using VMware is that it permits the implementation of the Honeywall under any operating system supported by this program. Up until the CD was released, the only way to install a complete Honeywall under Windows (with traffic limiting capabilities using iptables, for example) was to first install VMware and then configure a GNU/Linux distribution under it. But now, with the introduction of the Honeywall CDROM this task is very straightforward.

Another reason for implementing the Honeywall using VMware is that by default, Honeywall uses all resources of the machine you install it on. If a virtual environment is used then this restricts the Honeywall to use only the resources inside the virtual machine. The advantage is that it is not necessary to consume all the resources of a machine to install the Honeywall CDROM.

Finally, VMware is a good tool for testing purposes. It is an excellent option to develop and experiment with multiple customized Honeywall CDROMs in a controlled environment.

Microsoft Virtual Server Migration Toolkit demonstrations

John Howard, Microsoft UK’s IT Evangelist, produced some much-appreciated clips of Virtual Server Migration Toolkit (VSMT) usage and posted them on his blog:


Leaving the name issue to one side, I’ve recorded a series of eight clips which walk through the process of migrating an NT4 server into Microsoft Virtual Server 2005 using the VSMT (Virtual Server Migration Toolkit). Each of these clips is only a few minutes long, with the longest one only 10 minutes. Please feel free to delve in as you want. These clips essentially run through the steps described in a fabulous white paper available on microsoft.com.

You will be able to see the demo live in Birmingham on January 13th where you can ask me questions in person.

The first blogcast is an introduction to the environment I’m using to perform the migration and can be viewed by clicking here.

The second blogcast is using the gatherhw tool to generate an XML manifest cataloguing the hardware in my NT4 Server. This can be viewed by clicking here.

The third blogcast walks through validating the XML file describing the hardware which the server being migrated is running. It can be viewed by clicking here.

The fourth blogcast walks through generating the P2V (physical to virtual) files used for the remainder of the migration. It can be viewed by clicking here.

The fifth blogcast walks through updating the script files to ensure the generated P2V migration files work correctly in the environment validating the XML file describing the hardware on the server being migrated and adds a device to ADS for the target Virtual Server machine. It can be viewed by clicking here.

The sixth blogcast walks through capturing a disk image of the NT4 server into ADS. It can be viewed by clicking here.

Thanks to Steven Bink for this news.

Hewlett-Packard’s Nick Vanderzweep on virtualization

Quoting from E-Commerce Times:



ECT: So looking ahead — and tying it into your title, which includes both virtualization and utility computing — where is HP going? How about the industry?

Vanderzweep: If you look at our virtualization strategy and think about a graph with an X-Y axis, in the bottom right-hand corner, I’d label that element virtualization, that is the first step in virtualization. The middle box would be integrated virtualization, and up in the top corner — nirvana — would be something we call the complete IT utility.
Element virtualization is absolutely mainstream. It’s hard not to find a customer who hasn’t, on an Intel server, used VMware to partition that server into two machines. It’s hard not to find a customer who hasn’t put in a storage array instead of dedicated storage on a server-by-server basis. What element virtualization is all about, though, is virtualizing only one thing, cutting a server in half into two logical servers.
The next step on that graph, integrated virtualization, is where the innovation in the industry is now and certainly where our focus is. That’s where Virtual Server Environment [fits]. It uses those virtualization pieces, but instead of saying, “I need to divide this server into two,” it gets a lot of that automation that’s required. You simply say, “I need sub-second response time for my Web retail system, and I need two-second average response time for my ERP system and I need 30 minute turnaround for batch jobs for my HR system for payroll run.”
You tell the control software, the Virtual Server Environment software, the service levels that you need, and then it will keep moving resources around, changing the size of partitions on the fly to meet those service levels. You can see the difference where we were in the past with element virtualization: [There] we cut a 10 CPU server into two CPUs for Oracle, four CPUs for PDA, for instance. With integrated virtualization, you don’t specify CPUs.
When you get to the Complete IT Utility, that’s where all your data centers, all its resources, are automatically flowed to the right application, at the right time; all the server resources, network resources, storage resources and the software is automatically reprovisioned and moved around in a heterogeneous environment — Windows, Linux, HP/UX, whatever kind of operating system. That’s a little bit more complex to do.
We start them with the basic elements of virtualization, move them towards integrated in some projects and get multiple projects together and then finally move them toward Complete IT Utility.

ECT: And this is something HP already is doing for some clients — moving them to Complete IT Utility?

Vanderzweep: Yes. Primarily where we do the Complete IT Utility for a customer that looks at our portfolio of element, integrated and complete, they usually say, “You know HP, I want to go straight to the top right-hand corner — to the Complete IT Utility.” They will also say, “Ed, HP, since you’re already doing this in your datacenter, why don’t you manage my datacenter or outsource my datacenter and give me all those benefits?”
We’ve done things like that and been public about things like that for many customers — DreamWorks, for example, where we manage their infrastructure and, as they produce a film like “Shrek” or “Shrek 2,” they need to render a film, we do that for them and we charge them based on the number of frames rendered in the film. We’ve really connected up to their business.
Amadeus — you’re probably familiar with Sabre in North America, the booking system — does the same kind of thing in Europe. They came to HP and fell in love with the Complete IT Utility. They said, “Ok, we’re in the airline booking industry. We write software to do that. You, HP, are good at infrastructure. We get paid by the likes of Lufthansa — say, 25 cents — every time we book a seat and a customer actually sits in it. HP, you provide us with infrastructure that grows and shrinks based on supply and demand, and we’ll pay you 5 cents every time a customer sits on an airline seat.”
The more business they get, the more we have to scale that infrastructure up. The less business they get, the more we have to scale it down. Predominantly, if people want to go straight to the upper right corner, we do that through our managed service offering. We have huge amounts of customers who are doing element virtualization. I’d be surprised if I could find an enterprise HP customer that isn’t using some kind of virtualization. It’s the integrated stuff that probably 10 percent of our customer base is kicking the tires with. The Complete IT Utility is a smaller amount, but we do have a tremendous amount of business with our managed services group — companies like DreamWorks, Amadeus, Procter & Gamble, Ericsson — where we implement these capabilities for customers using the 400 datacenters that we’ve implemented.

ECT: Who do you generally encounter in competitive situations?

Vanderzweep: We definitely see IBM (NYSE: IBM) in there. Especially when you’re looking at heading off into integrated and the Complete IT Utility, it really requires you to coordinate and automate the provisioning of these resources — server, networking, storage, software — so the likes of HP and IBM are very well diversified in the IT industry, selling servers, storage, networking, etc. At HP, we have the ability to build things like the Virtual Server Environment, coordinate resources or go all the way up to the Complete IT Utility and manage a company’s environment.
We were out there talking about our vision for utility computing some years ago and we’ve brought a whole set of these products to market in the last two or three years, so we’ve got references after references after references. Execution is our biggest differentiator.

ECT: How about some smaller companies? Or companies like Sun?

Vanderzweep: Because this is a highly innovative space you’ll see lots of start-up companies out there that are making some big inroads. One start-up company was acquired by EMC (NYSE: EMC) a while ago — VMware — and they’re a good partner of ours versus a competitor. They provide the ability to virtualize an x86 Intel Opteron-type system and slice that up into smaller systems. They’re an interesting company.
We see a lot of other start-ups out there. I went to a venture capitalist conference a little ways back — this is a popular area for venture capitalists to invest in and for start-ups to design software and hardware around this area. If you look out, there are 50, 100 start-ups that have a unique piece of the puzzle here. Some of them, over the past few years have been bought up. We, ourselves, have acquired Talking Blocks, Consera, Novadigm and a few others to round out our portfolio of capabilities.

ECT: And I guess that underscores the growing mainstream nature of the market?

Vanderzweep: Oh yes, definitely. You’ve got a few other major players in the marketplace that are not as strong as HP or IBM because they’re not as diversified. You hear Sun talking a little bit, but they have a small portfolio of capabilities compared with the likes of HP. I don’t run into those guys very much. I go more head-to-head with IBM.

ECT: You mentioned heterogeneous environments and standardizing procedures and administration, but are there any technology standards issues that CIOs should be aware of when considering moving into or expanding their use of virtualization?

Vanderzweep: There are things that working groups like W3C and Oasis are working on, and we’re heavily invested into those standards organizations. Web services plays a big role in this because they make it much easier for applications to be compatible in this world, to move resources around. So we’ve been key to developing some of the Web services standards.
Grid services are now being built on top of Web services, and we’re very active in standardization of grid services as well. In fact, HP now holds the chair position in the Global Grid Forum. Standards are expensive initiatives, but they’re very fruitful as well, because HP likes to be able to build on top of standards, then add value to provide differentiation to the marketplace.
It’s the 80/20 rule: 80 percent of what the customer gets is standards-based infrastructure, then 20 percent is value-add on top of that, which really can differentiate them in the industry so they’re better than the company down the street. The more we standardize, the more we put into the 80 percent, allows us to innovate on top of that, and once it’s standardized, it reduces our cost and we can take our engineering efforts, our innovation efforts, and put them on top of that standard. It accelerates the industry. It differentiates us in the marketplace: It’s good for customers. It’s good for us.

ECT: I think every IT executive has a horror story about lack of standardization.

Vanderzweep: That’s always the case. The Virtual Server Environment; nobody else has got that kind of capability in the industry, but it’s built on top of standards. Where we’ve actually built it, we are working with other companies, standards organizations, etc., to try to take a chunk of our innovation and push it into standards organizations as well, so we can say, “Ok, we can now exit out of that area and move on to the next level of capability on top of the Virtual Server Environment.”
For us, our key areas in this space are storage — our storage grid innovations we’ve been talking about, in servers — our Virtual Server Environment, and we did some announcements just last month with virtualization and automation around our blade servers. We’ve worked with our own networking organization, with Cisco and others, on management of virtual networks, and then, of course, driving standards with Web services and grid services, especially through managing that through our OpenView software.

VMware patches ESX Server

The just-released VMware ESX Server 2.5.0 needs an update:


In Build 11343 of ESX Server 2.5, the Management Interface includes an error in the process that edits the properties for raw device mappings (RDMs).

A specific patch and the new build 11548 ISO are available.

Thanks to Steven Bink for this heads-up.

VMware Workstation 5 Beta Technology Guarantee Program

VMware is granting customers a free update for its most famous product.


Summary
When a new version of VMware Workstation is about to be released, the VMware Workstation Technology Guarantee program entitles customers who purchase VMware Workstation within a qualified period to get an electronic download copy of the new release free of charge from the VMware Web site.

Eligibility Requirements
Customers who purchase any Full Product or Academic Product of VMware Workstation during the eligibility period are entitled to get the corresponding VMware Workstation 5, when available, free of charge via electronic download from the VMware web site.

Eligible Products Acquired During Technology Guarantee Program
– VMware Workstation 4.5 (for Windows Operating Systems)
– VMware Workstation 4.5 (for Linux Systems)
– VMware Workstation 4.5 Academic (for Windows Operating Systems)
– VMware Workstation 4.5 Academic (for Linux Systems)

Eligibility Period
Starting from December 16, 2004 to the commercial release of VMware Workstation 5 (expected to occur in the first half of 2005).

Conditions
1. Direct Electronic Download Purchases of Workstation 4.5 from VMware: Upon release of VMware Workstation 5, customers who have purchased product during the eligibility period will be able to download the new software from the VMware Web site. At the time of the release, details on how and where to perform the download will be posted on the VMware web site as well as listed on an email that will be sent out to all eligible customers.

2. Packaged Product purchases of Workstation 4.5 from resellers or directly from VMware: Upon release of VMware Workstation 5, customers who have purchased product during the eligibility period and have registered the serial number for product will be able to download the new software from the VMware Web site. At the time of the release, details on how and where to perform the download will be posted on the VMware web site as well as listed on an email that will be sent out to all eligible customers. VMware determines whether the product purchase occurs during the eligibility period based on the shipment date of the product for a specific serial number. In addition, VMware may require presentment of proof of purchase.

3. The free upgrade to Workstation 5 for eligible customers will be fulfilled via electronic download only (not via packaged versions of Workstation 5).

4. Only Full licenses of Workstation 4.5 are eligible products for the VMware Workstation Technology Guarantee Program. A customer who purchases an upgrade license from Workstation 3.x to Workstation 4.5 during the eligibility period is not eligible for this program. The list price of a VMware Workstation Full license is US$189.00 (Electronic Software Distribution) and US$199.00 (Packaged Software Distribution).

5. Customers who have a Workstation 3.x license must purchase a Full license of Workstation 5 when it becomes commercially available in order to upgrade to Workstation 5. We do not have an upgrade license for upgrading directly from Workstation 3.x to Workstation 5.

6. The free copy of Workstation 5 must be on the same platform and language as the original purchase.

7. Customers are required to visit the VMware Web site and enter their VMware Workstation 4.5 license serial number in order to receive their Workstation 5 license.

8. Customers who are covered under the Premium Support and Subscription Program are covered under its Terms and Conditions for upgrades.

Release: VMware ACE 1.0 released!

VMware just released the brand new product Assured Computing Environment (ACE) for Enterprises:


What Is VMware ACE?
VMware ACE is an enterprise solution for IT desktop managers who want to provision secure, standardized PC environments throughout the extended enterprise. VMware ACE installs easily and improves the manageability, security and cost-effectiveness of any industry standard PC. VMware ACE enables IT desktop managers to apply enterprise IT policies to a virtual machine containing an operating system, enterprise applications, and data to create an isolated PC environment known as an “assured computing environment”. Through Virtual Rights Management technology, VMware ACE enables IT desktop managers to control assured computing environment expiration, secure enterprise information on PCs, and ensure compliance with IT policies.

How Is VMware ACE Used in the Enterprise?
VMware ACE is used across the enterprise to:

– Provision enterprise-standard PC environments on unmanaged remote PCs.
– Provision time-limited, locked-down PC environments on unmanaged guest PCs.
– Secure sensitive enterprise and personally identifiable information on mobile PCs.
– Provision standardized, hardware-independent PC environments on any enterprise PC.

How Does VMware ACE Work?
VMware ACE leverages industry-proven VMware virtual machine technology to provide an isolated PC environment known as an “assured computing environment”. Using VMware ACE Manager, IT desktop managers create projects that include:

– A virtual machine with an operating system, applications, and data
– An application to run the virtual machines
– A set of policies to control the lifecycle and capabilities of the virtual machine

From this project, PC managers create a VMware ACE package that is distributed to end-users via download, DVD, or CD media. VMware ACE enables end-users to run an “assured computing environment” on their desktop or laptop PC. The VMware virtualization layer maps the physical hardware resources to the VMware ACE virtual machine resources, providing the full equivalent of a standard x86 machine within the assured computing environment.

VMware ACE Key Features

Manageability
– Design once, deploy anywhere. Create standardized hardware-independent PC environments and deploy them to any PC throughout the extended enterprise.
– Virtual Rights Management interface. Control VMware ACE lifecycle, security settings, network settings, system configuration and user interface capabilities.

Security
– Rules-based network access. Identify and quarantine unauthorized or out-of-date VMware ACE environments. Enable access to the network once the VMware ACE environment complies with IT policies.
– Tamper-resistant computing environment. Protect the entire VMware ACE environment, including data and system configuration, with seamless encryption.
– Copy protected computing environment. Prevent end users from copying enterprise information.

Usability
– Customizable interface. Customize the behavior and look and feel for end users.
– Flexible computing environment. End users can revert to a previous state within seconds and can work online or when disconnected from the enterprise network.