VMTN Blog

Link: Grokking VMWare | Jon Watson's Tales from the Motherboard.

I also modded a SQUID VM today by adding SARG and reporting to it. This is a good example of where the true value comes in for us. ...

The SQUID/SARG VM is a great example. It's configured with two NICs - one bridged to the 10. network and assigned 10.0.50.20 and the other set to host-only which provides the Internet access. I can now drop this VM into any of our sites and simply by setting the proxy in the Windows clients to 10.0.50.20:3128 full proxying complete with daily spy-reports are available.

Some apps aren't really suited for a VM, but things like this proxy VM are a great example. Anything that is self-contained and provides some significant functionality is a good candidate for VM'ing.

Link: :: TechBlog :: » Blog Archive » VMTN Virtual Appliances - the 52 that looked interesting to me.

Recently, i got sucked into the VMware Technology Network (VMTN) site - again - and browsing through the many virtual appliances available for download, i managed to compile a list of 52 of my favorites.

The List of 52 Appliances (in no particular order)

1. The Web Developer Appliance
2. FreeNAC
3. SmoothWall
4. SSL-Explorer 0.2.9_04 for VMWare
5. sipX
6. ...

The virtual appliance groundswell continues. Let's look at the evolution of the term over the past year or so:

• Google Trends (some serious data smoothing going on here)
• Technorati (the spike in March was the launch of the Virtual Appliance Marketplace on VMTN; the spike in August was the Ultimate Virtual Appilance Challenge, and the spike in November was VMworld and inclusion of production-ready VA's in the VAM.

The best blog focused on virtual appliances is Virtualization Daily. Recent articles include:

• Poll: How are you using virtual appliances?
• Java is the Cobol of the 21st Century, where he equates BEA's super-cool bare-metal JVM appliance with Cobol. (Kimbro, you're letting your biases show -- lots of Java still being written.)
• Virtualization may redefine the software industry
• IDC predicts software appliances will become a household word in 2007
  

And now Amazon steps in:

Link: InfoWorld Virtualization Report |Amazon Tries Hand at Virtual Appliance

Now, Amazon is climbing aboard with their own version of the virtual appliance, this time called Amazon Machine Images or AMI. Amazon describes the AMI as a packaged environment that includes all the necessary bits to set up and boot Amazon EC2 instances.

The company launched their Elastic Compute Cloud (EC2) - Amazon's hosted, on demand virtual datacenter based on the Xen technology - with hopes of creating demand for a pay-per-use model of virtual machines. To help further market this solution, Amazon has probably been searching for yet another story to get people to try out their technology.

Amazon is now asking its EC2 community members to share their AMIs with other Amazon Web Services developers. The company has even created a tutorial to help introduce members to the idea behind AMI sharing as well as the how-to's of sharing.

And for those interested, Amazon also has their own version of VMware's Virtual Appliance Marketplace - Amazon's Public AMIs, where members can share, download and rate each other's AMIs.

There are currently 9 AMIs on Amazon's site, interestingly enough including a Fedora Core 6 running QEMU running a trial of Windows Server 2003. Whether this conversion of Microsoft's VHD is against its no-conversion EULA I'll leave to the lawyers (although it's a very anti-user move on MS's part) and whether Windows on QEMU on Fedora on Xen/EC2 works well I'd be very interested to know.

Link: The Monash Report»Blog Archive » Proofpoint and VMware – an apparently non-trivial virtual appliance success story.

I talked with Proofpoint today, and got a more positive view about VMware’s virtual appliance strategy than I’ve gotten from other appliance vendors. They cite over 500 downloads in the past couple of months, of which a significant fraction have turned into actual sales. Specific deployment scenarios they mentioned include:

 

• Demo (of course).
• Tweak, test, deploy – between
  patches and new anti-spam rulesets, Proofpoint users seem to have a
  rapid change/test/deploy cycle. Virtualization makes it possible to do
  that without having multiple copies of an appliance.
• Disaster recovery — this seems to      be a big one.
• “Surges” – depending on what the
  bad guys are doing, one’s need for anti-spam servers can go up and down
  in a hurry. Virtualization makes it easy to respond.

[Updates below: on activation, on vhd files.]

New in the Virtual Appliances Marketplace: Microsoft's new virtual appliances. Simply download the self-extracting archive, and then you can use VMware Workstation, Server, or Player to automatically import and run the virtual appliance inside. 

• Microsoft Windows Server 2003 R2 Enterprise Edition Virtual Appliance
• Microsoft Exchange Server 2007 Virtual Appliance
• Microsoft SQL Server 2005 Enterprise Edition Virtual Appliance
• Internet Security and Acceleration (ISA) Server 2006 Virtual Appliance
• Internet Explorer 6 Application Compatibility Virtual Appliance (listing temporarily removed -- see below)
• Microsoft Dynamics CRM 3.0 Evaluation Virtual Appliance (listing temporarily removed -- see below)

Enjoy. Let's all thank Microsoft for helping expand the world of virtual appliances.

[Update: Evidently importing the machine may be trigger the Windows activation clock. Commenter mcp ended up with a 3-day deadline, but I don't know for which appliance. Note that some of these images (the first 4) are part of the "VHD Test Drive" program, and are 30-day trials. Correspondent Michael reported that he got the full 30 day trial with them inside VMware Workstation. The other two (and I believe there are an additional two more out there) are not from the VHD Test Drive program and your mileage may vary. More updates as I get more information.]

[Update II: The IE6 Compatibility Appliance contains just a .vhd file (a virtual disk, equivalent to a VMware .vmdk file). The VMware appliance team is developing some better instructions on how to use these within the VMware platform, and in the meantime has disabled them in our directory, just to avoid confusion for now. Note: you're wecome to download them from MS -- they're easy to find with a quick search.]

From SearchOpenSource.com: Virtual appliances emerge as OS distribution mechanism.

For IT managers, the main benefit of an appliance is faster set-up times, said Javier Soltero, co-founder and CEO of San Francisco-based Hyperic Inc., which is considering distributing its open source Hyperic HQ systems management suite as an appliance. "We mentioned to a potential customer that we work hard to keep installation time under thirty minutes. The customer said 'That's 29 more minutes than I would have spent if it were an appliance,'" Soltero said.

Hyperic is obviously not in this category, but for most enterprise software vendors, I'd dance for joy if the install were only 29 minutes.

[Update: be sure to read the comments for more on the coming 'application agnostic' world.]

Kimbro at Virtualization Daily and Scott Lowe are having an interesting conversation on the Role of the OS from the desktop perspective. I'm knee-deep working with virtual appliances these days, which tend to be server-based at this point. There we are starting to see stripped down Linux distributions, which only include the services and complexity necessary for the application contained within it. I would expect to see profiled  operating systems (ie configured for specific tasks) from all the major players within a year or two. This is a major win for reduction of complexity, simplification of updates, and avoidance of security exploits in random unneeded packages.

But what about the desktop? What does a cooperating set of virtual machines on your desktop mean? And who profits more -- Microsoft, Apple, Sun, Red Hat, Novell ... ?

Kimbro rounds up some of the conversation and sets the stage in The OS is under attack:

If you can run Mac OS and Windows on the same machine and use whichever program you want, and drag data back and forth at will between the two, what does an operating system mean? In a sense, it just becomes a visual preference rather than a system or standards choice. And if you spend most of your time using Web apps, the operating system means even less. We’re not quite there yet, of course, but would such a world help Apple or Windows more?

Scott Lowe then wrote an extended riff on the End of the OS As-We-Know-It, but exempts Mac OS X.

I do agree with these conclusions on at least one point:  The general purpose operating system as we know it will cease to exist in the next 5 to 10 years, perhaps sooner.  I do believe that the release of massive development projects such as Windows Vista won’t be the norm moving forward and that, in fact (as others have predicted as well), Windows Vista will be the last of its kind.

Notice I didn’t place Mac OS X in that list as well.  Why?  Because I think that Apple is capitalizing on an architecture and a convergence of technology that allows it to make Mac OS X into what Windows NT was supposed to be.

I think Scott lumps together too much the technical arguments of Windows vs OS X (OS X wins) with marketshare arguments around the various unixes and Linuxes (OS X wins again). I don't think OS X has any magical advantage, and nor do I think it's uniquely privileged to run the hypervisor, as it currently does with Parallels Desktop and the upcoming VMware product.  In a hypervisor-driven world where my desktop is a cluster of cooperating virtual machines (security, storage, etc.) and where my "desktop" can live anywhere, Apple's current software-locked-to-hardware business model falls down. If I can't run OS X anywhere but Apple-branded hardware, then Mac users have to sit out on a lot of innovation going forward. However, virtualization is disruptive enough that it's still anybody's game to win, if they put their chips on the right strategies.

Scott concludes with the question of whether the hypervisor should be inside or outside the OS.

So I guess the future of the operating system depends on your perspective.  If you’re an operating system guy, you’ll say that the OS has a bright future, and point to developments such as built-in paravirtualization and bundled hypervisors to prove your point.  If you’re a virtualization guy, you’ll say that the OS is dead, and you’ll point to developments such as third-party paravirtualization and independent hypervisors to prove your point.  Which of these two is correct?

And that's the forking path coming up for virtualization -- do you get the hypervisor layer from your OS vendor, effectively locking you in to a single operating system? Is your ability to run a guest dependent on the business deals between the various players, which may be what we're seeing in the recent Microsoft deals with XenSource and Novell? Are you willing to run a hypervisor that is locked to one brand of hardware? Or does the hypervisor sit outside the OS, allowing you to use the OS of your choice? The latter future seems a lot more appealing to me, although I'm admittedly looking at it from a VMware perspective.

But we digress a bit from the central question here -- what about virtualization on the desktop? When two or more OSes are sharing your devices and now your display, what is the role of the OS? Who are the winners and the losers?

Berkay Mollamustafaoglu manages to hit right at the core of the question of why software vendors are moving to virtual appliances. Are the software vendors better off supporting the virtual machine as the platform?.

Supporting many different platforms (windows, flavors of unix, etc.) is a major challenge for software vendors. One one hand vendors would like to support as many platforms as possible simply because customers demand it, on the other hand every supported platform brings extra support overhead and spreads the resources which is not good for anyone. At the end, the vendors want to focus on their own products rather than dealing with the idiosyncrasies of different flavors of Unix, and customers want to make sure the platform they use has strong support (and they are not the odd ball).

Mitchell Ashley of Still Secure (disclosure: StillSecure Strata Guard virtual appliance available in Virtual Appliance Marketplace) lays out his view of the effects of commodization and Moore's Law on the hardware part of hardware appliances. Why appliances are dinosaurs:

Virtualization offers other capabilities interesting to networking and security – the ability to migrate and move network and security functions without changing hardware. Imagine moving your IPS from one edge appliance to another via a management console on your desktop.

We’re not far away from such a scenario. So get ready to rethink your appliance strategy.

Mike Rothman of The Daily Incite isn't so sure about virtualizing his networking appliances, but does admit that at this point most of them are running on Intel-based hardware. Appliances are not T-Rex:

Yes, large enterprises (and even some small ones) are increasingly virtualizing their data centers with products like VMware. But do I want VMware running in my perimeter? Not so sure about that. I do believe that appliances targeted at data center security applications will need to evolve to work in a virtualized environment. BUT, not necessarily on the perimeter. I may have a box that virtualizes security applications (which is what Crossbeam does), but it's still a box. But let's be clear, most "appliances" are software running on an industry-standard (read Intel) appliance platform.

The security blogosphere is very active, with lots of shouting and hand-waving. Great fun. Mike Rothman's Daily Incite is a good place to start, and I've been enjoying reading StillSecure's Chief Strategy Officer Alan Shimel as well. The virtualization blogosphere could probably stand to step up our level of two-way conversation, although I'm not sure about the shouting.