VMTN Blog

Spooky, scary virtualization videos for your Halloween pleasure. For more technical and industry news, check out Planet V12n -- never a shortage of good stuff.

The Night of the Bleeping Pager

The horror of an unvirtualized datacenter! The relief of VMware Infrastructure 3!

Virtualization nightmares!

VMware technology as anti-anxiety prescription?

VMware customers Chevron, BMC Software, Natixis, Wyse Technologies, and Curtin University, talk about the benefits of new features and enhancements in VMware's latest generation of its flagship virtualization software, VMware Infrastructure 3.

Customers provide commentary on ESX Server 3.5 and VirtualCenter 2.5, including Storage VMotion, Update Manager, Distributed Power Management, and the thin architecture of ESX Server 3i.

Pete has also added a lot of customer testimonials and has more in the queue, including the rest of the fun VMworld video contest entries, so if I were you I'd keep this this YouTube search for VMware handy. And he would like to remind you that Virtualized Hardware Hotel continues to ROCK:

David Davis at Petri IT Knowledgebase has been writing some good articles recently on VMware -- nice intros for the newcomer, and if you go take a look at the full list, getting into some advanced topics as well.

Link: How will VMware ESX Server 3i Change the future of Virtualization?

You are probably already familiar with what VMware ESX Server is, how it is revolutionary, and how virtualization is changing server infrastructure forever. Perhaps you are already an ESX Server user, perhaps not. Either way, the latest version of ESX Server, 3i (currently in Beta) could go even farther than ESX Server 3, in changing the face of your server infrastructure. Let me show you how...

Link: How to choose the right VMware Infrastructure ESX Edition for you.

In our previous article, "VMware Versions Compared", we compared the various products in VMware's product line. For example, the difference between VMware Server, Workstation, and Server ESX. In this article, we will focus specifically on the VMware ESX product line and the VMware virtualization suite called VMware Infrastructure. With a variety of VMware Infrastructure suites and ESX Server product options, it is difficult to know which is right for you. Let's find out...

Link: How to Secure your VMware ESX Server.

As VMware ESX is loaded directly on hardware and is its own virtualization operating system, there are a number of factors to consider when securing it. While, due to its design architecture, ESX is inherently secure, there are still a number of security factors to consider. In this article we will cover the vulnerability points of ESX and how you can ensure that your ESX Servers are as secure as they can be.

Link: How can the new features in VMware Workstation version 6 help me?.

In summary, VMware Workstation is, in my opinion, the most powerful desktop virtualization package available. The new features in version 6 just "up the ante". While it isn't free, like VMware Server is, Workstation has enough features to justify the cost. The more I use virtualization software, the more I find uses for it. It has gotten to the point where I don't know what I did without it. Try out VMware Workstation and I think you will come to the same conclusion.

Link: 3 VMware Consolidated Backup (VCB) utilities you should know.

In our previous article, "What you need to know about VMware Consolidated Backup (VCB)", we provided an overview of how VCB can help you. In this article, we will explore the command line utilities provided with VCB. There is no GUI interface for VCB so these tools are THE tools that you get with VCB. Because of that, if you are using VCB, you must know how to use these CLI tools well. Let's take a look...

Good stuff.

Link: Virtualization Security Guidelines - blog.scottlowe.org

The Center for Internet Security (CIS) has released some security benchmarks for VMware ESX Server 3.0.x.  The ESX security benchmark joins recommendations and guidelines for Windows 2000, Windows XP, Windows Server 2003, Red Hat Linux, and Mac OS X that are also available from the CIS.  The CIS has also published a generic virtual machine (VM) security benchmark as well. Taken together, the ESX benchmark and the VM benchmark provide good, solid recommendations around virtualization security.

The ESX/VM benchmarks are available for download here.

With all the hype around virtualization’s impact on security—positive or negative—it’s good to see some concrete and actionable recommendations.  If nothing else, these documents will at least provide a starting point for security professionals and virtualization experts to discuss the best way to architect solutions without compromising the security of the network/servers.  In fact, we might even find ways to enhance the security of the network/servers.

From VMware's Ben Gertzfield -- Google Tech Talk: Inside VMware Fusion - Infusion: The Fruit of Eris.

This week, I was invited by Amit Singh to present a Tech Talk at Google on VMware Fusion.  I decided to do something a little different and dig down into how VMware's goals of bringing people the apps they need wherever they need them is actually really similar to Google's “everything's a web app” strategy.

If you're a Mac programmer or are interested in how VMware approached developing for the Mac, go see Ben in action on YouTube:

More from VMware's Slava Malyugin: Debugging the virtual world.: Configuring application debugging with Record/Replay.

In my previous article I explained how to debug processes running in Ubuntu 7.04 VM using Record/Replay technology built into VMware Workstation 6.0.1. This article tells how to use Record/Replay debugging with different distributions of Linux.

When debugging an application using Record/Replay, you need to run the debugger on the Host (outside of Virtual Machine). The reason for this is obvious - if the debugger runs inside the Virtual Machine, it will disturb the execution of the VM and you will not get 100% determinism. The downside of running the debugger outside of the VM is that it cannot use kernel services to debug processes.

We solved this problem by teaching our debugger how to implement process-level debugging by traversing Linux kernel data structures. Since the Linux kernel is evolving rapidly, the format of these data structures changes quite frequently. This is why we require users to tell us the offsets of some kernel data structures with the "monitor linuxoffsets" command. ...

Note that these scripts and Record/Replay feature in the WS6.0.1 are not officially supported by VMware. If you have questions or suggestions, the best place to express them is our forum. Thank you.

Sun's Tim Bray has kicked off an interesting cross-blog conversation recently. He calls it the Wide Finder Project, and the basic issue is this: we're moving toward a future of dealing with many CPUs with many cores but with (relatively) low clock rates. What are the interesting computer science and software development challenges this raises? How can we take advantage of architectures like this when dealing with parallelism is just so ... painful using today's paradigms and tools?

One thing I find fascinating about the discussion is how it's coming from a strategic and futures-based motivation, but it's taking place with a real roll-up-your-sleeves hacking ethic.  Tim postulated a simple, almost a toy, problem -- parsing Apache log files. Tim and others are exploring this simple problem and how currently-available languages and language features affect how easy it is to take advantage of multi-CPU, multi-core architectures to rip through the file like a chainsaw through wet cardboard.

Tim started the ball rolling with Erlang (conclusion: wicked cool, but the I/O and regexp libraries aren't up to snuff -- likely a solvable problem) and others have run with it from there.

So why the Wide Finder problem on a virtualization blog? I ran across Kevin Johnson's blog entry A Pile of Lamps.

He starts off in an earlier entry by scaring himself:

At the risk of sounding like a pessimist, I think we'll end up with thousands of little SOA web services engines. Each one handling a single piece. Each one with its own HTTP stack. Each one using PHP/Perl/Ruby/etc to implement the service functions. Each one sitting on top of a tiny little mysql database. Eeeep!  I just scared myself - better drop this line of thought.  I'll have nightmares for weeks.

Kevin points to Andrew Clifford's The Dismantling of IT, which is not talking about v12n per se, but certainly fits into the picture we're drawing here:

The most obvious change is that the new architecture would remove technical layers, such as databases and middleware. These capabilities would of course still exist, but they could be standardised and hidden inside the systems. They would not need so much management, and we would need fewer specialists.

Mark Masterson urges him to reconcile with our future world of cooperating tiny little machines, all busy message-passing and presumably acting somewhat autonomously to avoid the nightmare management burden. Sounds a bit like a job for ... virtualization and resource pools? Or as Kevin puts it:

Is the answer a combination of LAMP, embedded computing, cluster management, and virtualization?

Nice overview of the current situation from InformationWeek's Andrew Conry-Murray. Although it spends a while on the MSFT vs VMW angle, I thought this tidbit on BEA's new LiquidVM-based appliance was interesting -- 25-50% less memory and CPU -- and I assume that's compared to running the JVM on top of Linux.

Link: VMware: New King Of The Data Center? -- Server Virtualization -- InformationWeek.

Applications will always need an operating system to run, right? Not with BEA's WebLogic Server Virtual Edition, or WLS-VE. It replaces the conventional OS with LiquidVM, a microkernel-based Java virtual machine. In turn, the Java VM runs directly on a VMware hypervisor, without the need for Windows or Linux. "We realized the hypervisor had eaten into a lot of what an application needs from an OS," says Guy Churchward, VP and product manager of WebLogic products at BEA.

Java-based applications are ideal candidates for running without a general-purpose operating system, because they already run inside a Java virtual machine, which abstracts the OS functionality of Windows, Linux, and Unix variants. The Java VM provides some OS functions, including memory and CPU allocation, as well as networking (see chart, below). BEA added other capabilities, such as input/output management, that normally are handled by an operating system to the LiquidVM.

Meanwhile, the hypervisor is handling other functions, such as loading device drivers, which are also usually managed by the operating system. The result, says Churchward, is that the OS ended up completely replicating the functionality of the Java VM and the hypervisor.

By jettisoning the OS entirely, Churchward says, WLS-VE consumes 25% to 50% fewer resources, such as memory and CPU cycles, while boosting overall system performance. Other benefits include reduced management, because IT doesn't have to maintain a separate operating system.

Link: VMWare Fusion On Mac Delivers My Best Windows Experience Ever - The Apple Blog.

After installing Windows and Microsoft Office from a ghost image, I rebooted Windows XP from inside VMWare Fusion, and it was as if I had a brand new computer within a computer. Rather than the sluggishness I had expected from a virtual machine, working within Windows on my Mac was just as fast as it ever was on my Dell. Outlook connected with the company network and recognized my login credentials. Internet Explorer and Firefox, utilizing the Internet connection on my Mac, connected to the Web. I could even maximize the Windows OS to full screen (1440 x 900 on my laptop). While seeing a Windows desktop on my Mac was undeniably weird, I knew I had the world’s best Windows laptop on the planet.

From VMware's Slava Malyugin: Debugging the virtual world..

My previous article explained how to use Replay debugger with the kernel. The key benefit of Replay is that you get 100% reproducibility of bugs with low overhead, and can analyze the recording using existing debuggers.

You can debug Linux processes running in the Virtual Machine as well. The approach is similar. First, you need to set up a replayable Virtual Machine. The easiest way is to convert existing Virtual Appliance. Here is how to do it in four steps:

There's a little bit of kernel-specific fiddling that goes on (You need to know different offsets for different kernels, not that you have to recompile your kernel or anything), but for a developer this is like a virtual chainsaw and magic freeze ray combined.

The Replay feature remains experimental in the VMware Workstation 6.0.1. If you have a question or suggestion, or if you discovered a bug, please post here. The engineers working on Replay are checking the forum and will be happy to talk to you.

Check out the new guestdebugmonitor community as well.