Scott Hanselman is another big fan of virtualization and published on his blog some tips (directly from MS) for VPC optimization.
You’ll find them here.
virtualization.info Editors
Microsoft Virtual Server 2004 enters in Beta phase
VS finally left the long customer preview phase (just a month was left before license expiration, after already an extension) and entered in beta phase. Many (long awaited) new features are included and few disappeared.
It’s becoming much clearer what VS will be and what place will have on virtualization market.
Repackaging applications 6 times faster using InstallShield AdminStudio and VMware Workstation
With AdminStudio, you can leverage InstallShield’s knowledge of industry-standard installation formats to precisely and rapidly package your script-based setups authored with InstallShield technology. AdminStudio comes with automated InstallShield SmartScan technology that automatically extracts information that other packaging tools miss
InstallShield’s AdminStudio now seamlessly integrates with VMware Workstation, saving system administrators significant time during repackaging and application migration projects.
Read this whitepaper here.
Virtual PC Services Insecure Temporary File Creation
Application: Connectix Virtual PC 6.0.x / Microsoft Virtual PC 6.1
Platform: Mac OS X
Severity: Local privilege escalation
Author: George Gal Vendor Status: Vendor has updated version of the software CVE Candidate: CAN-2004-0115
Reference: www.atstake.com/research/advisories/2004/a021004-1.txt
Overview:
Virtual PC is a popular x86 virtual machine emulator capable running several guest operating systems under the Mac OS X and Windows platforms. Virtual PC provides a set of services for managing network sharing capabilities under Mac OS X. These services are spawned from the setuid root binary, VirtualPC_Services, which creats several temporary files when it is executed. The VirtualPC_Services does not check for several unsafe conditions prior to creation of these temporary files. As a result an attacker with interactive login access to the system may leverage insecure temporary files to become root or overwrite critical system files.
Details:
@stake has identified a vulnerability within the setuid root binary,
VirtualPC_Services, due to its inability to check for dangerous
conditions prior to temporary file creation. This vulnerability
allows an attacker to truncate and overwrite arbitrary files in
addition to creation of arbitrary files with insecure file
permissions.
Using this vulnerability it is feasible for an attacker to gain root
privileges on the system. The VirtualPC_Services binary creates a
log file upon startup as /tmp/VPCServices_Log. An attacker may
create a symbolic link in the /tmp/ directory as VPCServices_Log
pointing to an arbitrary file to be overwritten when the
VirtualPC_Services binary is executed. However, when the symbolic
link points to a non-existent file a new file is created with file
permissions determined by the unprivileged user’s umask(2) settings.
Vendor Response:
Microsoft has an updated version of the software available.
Download information available at:
http://www.microsoft.com/technet/security/bulletin/MS04-005.asp
Recommendation:
If possible install the updated version of Virtual PC.
Do not install Virtual PC on a multi-user machine. If this is a
requirement, only allow users with in a particular group to access
Virtual PC.
Virtual PC 2004 vs. VMware 4 Performance Review – Part II
Hernán Di Pietro is back with second part of VCP vs VMware beckmarks comparison!
Why a second review? Cause on the first one he benckmarked a Windows 98 SE guest while now he’s testing a Windows XP virtual machine, and results are quite different…
Take a look at this short update here.
Forensic Analysis with VMware and SMART
Just found an interesting article titled: Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect’s Computer.
In the introduction author, Ernest Baca, says:
Since beginning my endeavors with computer forensics, I have always wanted the ability to boot up a suspects computer just to see what the user saw when he was using the computer. So many times I have done computer forensic exams in which proprietary software is used. Simply looking at directory structures sometimes just doesn’t cut it. Also, how many times did I make case agents go out and buy accounting software in order to run the target’s data, not to mention figuring out which files to extract.
The old method of booting the target’s machine consisted of cloning the target’s drive with Safeback, then installing it into a sterile computer or the suspect’s computer. I never liked the former method because of hardware issues and I never liked the latter because I like to touch the target machine as little as possible. All this hassle, not to mention I would still have to image the suspect’s computer again in order to do my forensic examination.
Is there a solution? I have found a solution that simplifies and speeds up the process. I am utilizing Linux, VMware for Linux, and SMART. Just what is Linux, VMware for Linux, and SMART? Well, as you all know, Linux is an operating system. What few people realize is just how powerful this operating system is when it comes to computer forensic work. VMware for Linux is a software package that enables you to create a virtual computer within your Linux operating system. SMART is a graphical computer forensic tool written for the Linux operating system. Why SMART? You will see later in this paper when I discuss the imaging capabilities of SMART. These capabilities make it probably the best imaging tool I’ve seen to date, not to mention the computer forensic tools built in to SMART.
I will present a step-by-step procedure on how to create a virtual computer out of your suspect’s machine and image your suspect’s machine at the same time for forensic analysis. It’s a system I call SMART Forensics.
Read whole paper here.
Virtual PC 2004 vs. VMware 4.0 Performance Review
Finally someone did the great step 🙂
Bink.nu reports:
A simple performance comparison between two well-known “virtualization” software packages, both commercial: Virtual PC 2004 and VM Ware Workstation 4.0. Both virtual machines were configured with a 1024x768x32 desktop resolution, WIndows 98 SE and 256 MB RAM.
The test system hardware is as follows:
AMD XP 2600+ (1.92GHz), 333MHz FSB, 512k L2 cache (Barton)
nForce2 Ultra400 Based board (Abit NF7-S 2.0)
1024 MB RAM, DDR 333MHz
40GB WD hard disk
GeForce 4 MX, 64MB DDR AGP video card
Windows XP, Service Pack 1
Here the interesting comparison!
Self-made Physical to Virtual (P2V) migration with VMware
VMware itself (and other third party vendors) offers a tool called P2V Assistant to move a working OS from a physical machine to a virtual one, without facing different HAL. Great but this jewel can cost up to $15.000…
Do you need P2V migration but can’t budget so much? No problem: a couple of very active VMware newsgroups users developed a self-made method and published it. I copy and paste here for you all, but remember: I still didn’t tried it and I cannot assure it works.
Let’s start:
Overview:
This document lists steps required to create a virtual machine in VMWare
from an existing physical machine. These instructions were originally
written for the VMWare ESX Server product, but have been tested and verified
by the writer on one single conversion in VMWare Workstation v4.0. The
information herein was originally found on the VMWare newsgroup
(news.vmware.com) under the ESX Server product in a thread that begins with
“Norton Ghost.” There is still some valuable information out there the
reader wishes to do more research. Original instructions called for using a
“Ghost cast floppy via x-over” to create and restore the image of the
physical machine. However, this document will go from the perspective of
having a ghosted image on CD or DVD, which is how we image our systems for
duplication. The process is described in summary below, and subsequently in
full detail. Note that the writer makes no guarantees as to the accuracy of
the information herein, but is simply communicating how this has worked on
one occasion.
————————————
————————————
High-level Process Overview:
1. Obtain a bootable CD or DVD that contains the image you wish to
convert.
2. Create a new MS-DOS virtual machine of the correct size (i.e., at
least the same size as the physical partition that was Ghosted) and boot it
from the Ghosted CD or DVD.
3. Restore the Ghosted image to your new virtual machine.
4. Configure another virtual machine with the same operating system as
the one you just restored from the Ghosted image.
5. Boot another virtual machine with the same operating system as the
one you just restored from the Ghosted image
6. Boot the virtual machine you just created.
————————————
————————————
Detailed Instructions:
These instructions assume that a Ghosted image already exists on a bootable
CD or DVD. You will also need an existing virtual machine with the same
operating system as the image you wish to convert. For example, if you have
an image of Windows 2000 Advanced Server, you will need an existing
installation of Windows 2000 Advanced Server on VMWare. In addition, this
assumes that the image you are converting has been created with an IDE
drive. Converting SCSI drives is very complicated and not within the scope
of this article. Please read and execute these instructions carefully, as
each step within depends on successful completion of the previous step!
————————————
1. Obtain a bootable CD or DVD that contains the image you wish to
convert.
————————————
2. Create a new MS-DOS virtual machine of the correct size and boot it
from the Ghosted CD or DVD.
2.1. Start VMWare
2.2. Go to the File menu, choose New, then New Virtual Machine and click
Next.
2.3. Click Custom, then Next.
2.4. Under Guest Operating System, choose MS-DOS. This is important
because VMWare will look at this virtual machine as an IDE drive. Again,
attempts to convert a SCSI image did not work in this scenario. I am not
sure why.
2.5. Under Virtual Machine Name, choose a name for the virtual machine you
will ultimately be using after conversion.
2.6. Next, choose how much memory you wish to allocate to the virtual
machine you will ultimately be using after conversion. Note that these
numbers can be changed by the individual user based on how much memory they
will use keeping in mind how much physical RAM they have.
2.7. Click Next.
2.8. Under Network connection, choose Use bridged networking and click
Next.
2.9. Click Create a new virtual disk and click Next.
2.10. Under Specify Disk Capacity, you need to specify,
in gigabytes, how large to make the new disk. Note that you need to make
the disk size at least as large as the image you are about to restore, and
also need at least as much free space as you specify to allocate.
2.11. Click Allocate all disk space now and click Next. A
warning message will appear asking if you’re sure that’s what you want to
do. Be sure you have enough free space to create that size of a file.
2.12. Click OK to clear the warning message and allocate
the disk space.
————————————
3. Restore the Ghosted image to your new virtual machine.
3.1. With the virtual machine powered off, place the DVD or CD with the
image you want to restore into the DVD drive.
3.2. Boot the virtual machine.
3.3. Follow the instructions onscreen to boot from the CD/DVD ROM drive.
3.4. Follow the instructions to restore the image from CD/DVD onto the
virtual hard drive.
3.5. When imaging is complete, shut down the virtual machine and remove
the CD/DVD from the drive.
————————————
4. Configure another virtual machine with the same operating system as
the one you just restored from the Ghosted image (assumes you already have
another virtual machine with the same OS installed).
4.1. In VMWare, select the virtual machine that has the same operating
system as the one you just restored from Ghost.
4.2. Go to the Edit menu and choose Virtual Machine Settings.
4.3. Click the Add button and click Next.
4.4. Choose Hard Disk and click Next.
4.5. Click Use an existing virtual disk and click Next.
4.6. Use the Browse button to navigate to the VMDK file for the image you
created. For example My Data\My Virtual Machines\Test\Test.vmdk.
4.7. Click OK. The new virtual hard disk will be added.
————————————
5. Boot another virtual machine with the same operating system as the
one you just restored from the Ghosted image. This will allow you to add
the appropriate HAL.DLL file to the virtual machine, thus enabling it to
boot in VMWare.
5.1. Boot the virtual machine to which you just added the new virtual hard
disk.
5.2. Log into the virtual machine as an administrator.
5.3. On the Windows desktop, right-click My Computer and choose Manage.
5.4. Click Disk Management. You should see a disk in the right window
pane for the virtual hard drive you just added.
5.5. Right-click the new hard drive and choose Change drive letter and
paths.
5.6. Assign a driver letter to it (e.g., Z:).
5.7. In the virtual machine you are currently running, navigate to the
system drive\WINNT\system32 folder.
5.8. Search for the HAL.DLL file and copy it to the clipboard.
5.9. Navigate to Z:\WINNT\system32.
5.10. Rename the existing HAL.DLL there to HAL.dll.old.
5.11. Paste the HAL.DLL from the currently running
virtual machine in the Z:\WINNT\system32 folder.
5.12. Go to the Start menu and choose shut down to turn
off the virtual machine.
————————————
6. Boot the virtual machine to which you just created and copied the
appropriate HAL.DLL file. At this point, the virtual machine you created
from the Ghosted image should boot correctly with a minimum configuration
(i.e., no sound, 640×480 resolution, etc.). From here, you will need to
install the VMWare tools in the new operating system.
6.1. In VMWare, select your new virtual machine.
6.2. Go to the Edit menu and choose Virtual Machine Settings.
6.3. Click the Options tab.
6.4. Under Guest Operating System, change it to read the correct OS you
restored from the ghosted image (e.g., Windows 2000Advanced Server). This
is very important, as the next steps will not work properly if you choose
the wrong OS.
6.5. Click OK.
6.6. Click Start this virtual machine.
6.7. Give the virtual machine time to boot and log in as an administrator.
6.8. If you see any plug and play messages at this point telling you to
install new hardware, ignore them.
6.9. Once the machine is booted and the new hard ware massages are gone,
go to the File menu in VMWare and choose Install VMWare Tools.
6.10. Follow the instructions to complete the
installation of the VMWare Tools. This will tell the operating system which
virtual hardware drivers to use so it can talk to the host operating system.
6.11. After the installation of the VMWare tools, you
will be prompted to restart. It is a good idea to do so at this point.
6.12. Once restarted, you may do any additional
configuration and testing of the new virtual machine.
Woooooo!
I would love to receive some feedbacks: post your comments here about this method please.
VERITAS Cluster Server Makes VMware Highly Available
Directly from 19 January announcement:
VERITAS Software Corporation (Nasdaq: VRTS), the leading storage software provider, today announced expanded Linux platform support for SUSE LINUX and VMware
…
VERITAS Cluster Serverâ„¢ is now available for VMware ESX Server, providing customers the first high availability option for VMware. Combining clustering, core storage management and server provisioning technologies, VERITAS delivers the fundamental building blocks for utility computing with heterogeneous availability, performance and automation software on all platforms, including Linux.
…
VERITAS Cluster Server is the first clustering software to make VMware ESX Server host and virtual machines highly available. VMware allows multiple instances of Linux, Red Hat or SUSE LINUX, Microsoft Windows and Novell Netware to run on a single Intel x-86-based server. VERITAS Cluster Server for VMware can monitor each of the virtual machines within the VMware ESX Server and failover any of the machines to another node in the cluster, or to an entire server in the event a server fails.
…
For new customers, pricing for VERITAS Cluster Server for VMware starts at US $1,995 per Linux client.