Whose Security Is It Anyway?

There's an interesting security discussion going on now between Simon Crosby, Citrix CTO, and noted security blogger Christopher Hoff.

Hoff kicked off the fun by taking Crosby to task for allegedly claiming that virtualization security is rightfully handled by third-party vendors, and that Xen isn't in the security business (note to readers: there's a big red button beside this article with a profanity on it, as well as profanity in the entry. If this type of language bothers you, you might want to skip it.) Here's the key quote:

"The fact that the "industry" [note: Hoff is referring to Crosby's comments here] has "decided" that "third party vendors are required to secure any platform" simply points to the ignorance, arrogance and manifest destiny we endure at the hands of those who are responsible for the computing infrastructure we're all held hostage with."

Crosby, naturally, fired back. Calling Hoff "as smug as always," he said his comments were mischaracterized. Citrix is very concerned with the security of its hypervisor, XenServer, but it cannot be responsible for the security of the guests running inside its virtual machines (VMs). Money quote:

"What I said is that Citrix is not a security vendor for guests of the virtualized infrastructure. We do not spend our days and nights looking for evil types that wish to attack guest OSes by looking for virus signatures or other security techniques. That is not our business, and never will be. There is a strong and vibrant ecosystem of security vendors whose job it is to protect guest operating systems in physical and now virtualized infrastructure. There are challenges that arise as a result of virtualization, and we and those vendors will work to fix them, but it is not our role to specifically protect any OS or its applications through OS/app specific knowledge in the virtualization layer."

And while lauding some positive aspects of VMware security, Crosby also took a shot at Citrix' main virtualization rival. Pointing to the voluminous amount of patches released this year for VMware, Crosby says "How anyone can consider software that has to be patched at a rate of more than one patch per week to be enterprise class, let alone secure, escapes me."

Hoff's quick response was to say that he wasn't talking about guest OSes, but rather the VM "container" which houses the guest.

"I'm not arguing about securing the guest operating systems. I *am* talking about securing the instantiation of those guests as "hosted" by your virtualization platform. The myopic focus on the hypervisor versus the entire solution is folly."

In other words, the fear is not so much that the guest OS (whether Windows Server 2003, Windows Server 2008, Windows XP, Linux, or whatever) will compromise the host machine or network, but rather that the VM container itself, the virtual hardware, device emulation and management interfaces the platform wraps around the guest, can be targeted and used as the jumping-off point to get into the hypervisor or launch some other attack.

I'm sure more will be coming in this debate, so stay tuned. In the meantime, on which side of the issue do you come down? If you have virtualization security experience, I'd especially like to hear from you.

Posted by Keith Ward on 05/12/2008 at 12:48 PM


Pano Logic: A Big Zero, and Happy About It

Executive Editor Tom Valovic and I had a briefing yesterday with Pano Logic, makers of a little silver box that goes "thin client" one better, down to zero client. The idea is that you plug your keyboard/mouse/monitor into the box (Pano execs like to emphasize that in terms of design, the box is on a par [at least according to one design competition] with the iPhone) and start working.

The box connects to your datacenter, where all the user desktops (including associated apps) are stored in VMs. All processing is done at the server -- no drivers, hardware, etc. to mess with. This is different from Wyse and other thin-client solutions, which at the very least contain an OS, even if it's very lightweight.

I can see serious advantages to this architecture. Virtual Desktop Infrastructure means no sneakernet; no mass patching of physical desktops every second Tuesday of the month (the desktop VMs still need the patches, but they get them centrally in the datacenter); no BitTorrent and other dangerous peer-to-peer programs being downloaded to your users' computers; and, of course, hugely reduced hardware costs.

The potential drawbacks, however, are also significant. The top hurdle to overcome (similar to the situation with thin clients) is performance. You'd better have a blazing network (that never goes down) with mega hardware, preferably designed and funded by Tony Stark, on the backend. And what do you do with your existing desktops? Here are some good ideas.

On the performance front, Pano believes it's close to solving the major issues so that power programs like CAD, CRM, ERP and the like (in other words, tasks that tax I/O) can be used with the device. How soon? "Early next year" is what I was told by Aly Orady, Co-Founder & Chief Technology Officer. I told him I'd hold him to it; I'll get a demo Pano, do some video editing with it, and report back to you.

Pano says that its largest installation has about 250 users; that puts it squarely in the SMB space now. How much this architecture can scale in the real world is open for debate (if you're using Pano, I'd love to talk to you). But it sure looks promising from where I sit.

Desktop virtualization (here's my definition of what that means) is still a very, very new space within virtualization, even though it's quickly getting crowded. But I wonder if vendors aren't getting ahead of themselves, and creating a product in the hope that a big market materializes. It's difficult to find an organization using this technology for more than a few users; I don't know of any companies fully relying on this zero-client (or other VDI) architecture (outside of the vendors making the products). If you are 100 percent thin or zero-client, please contact me so I can chat with you.

That doesn't mean that I think a substantial market could not develop; indeed, I believe the technology has tons of advantages. I just don't know if a) Companies are ready to ditch the entrenched mindset of full desktops, and b) Even if they are, if they trust the technology enough at this point to commit fully.

For myself, I hope desktop virtualization takes off, since it will make this a safer, more efficient computing world; I just don't know if it will.

Posted by Keith Ward on 05/09/2008 at 12:48 PM


Dell, Citrix Play Ball

As Executive Editor Tom Valovic reported earlier today, Dell is the latest vendor to partner with Citrix on an embedded hypervisor. This is interesting on a couple of levels.

First, from Dell's perspective, it's clear that the company is figuring out what its place is in the virtualization universe. Rather than build out entire infrastructures, including its own hypervisor, like IBM, HP and Sun are doing, it is relying heavily on third-party support. This certainly saves on R&D, and makes the virtualization ISVs happy. And the savings help keep its prices very competitive.

Until recently, I had a hard time getting my arms around what Dell's virtualization strategy actually was. That's no longer the case. If you want to know more about what Dell's doing, make sure you check out the cover story in our May/June print issue -- Editor-in-Chief Doug Barney does a compare/contrast of all four major hardware OEMs and gives you the lowdown on the landscape.

From Citrix' point of view, it's gotten another OEM (following on the heels of HP) to stock its embedded hypervisor. What's cool about it is that it's tuned for Dell servers, the way the HP Select Edition is tuned for HP servers -- it's not "one size fits all." That makes a lot of sense to me; you want to take advantage of each manufacturer's strengths, and help your product excel on that particular machine. I would expect to see similar announcements coming in the future for IBM and Sun as well.

We've also learned about Dell's pricing for both embedded hypervisors, and it's not what many pundits in the industry thought. ESXi on Dell will start at $99, and XenServer 4.1 starts at $299 (according to the check I just did of Dell's Website. See the accompanying graphic, which was for a PowerEdge R805.)

Dell pricing for embedded hypervisors

Much speculation was that ESXi would be free. Note that it's $500 direct from VMware; so it's a lot less, but still not free.

I was also surprised to see that XenServer was three times the price, since Citrix never misses an opportunity to point out how much cheaper its virtualization products are than VMware's. For enterprises, that may or may not make a difference. I'd bet that for SMBs, it just might. Would it make a difference for you? As always, let me know.

Posted by Keith Ward on 05/07/2008 at 12:48 PM


Dewey Defeats Truman!

I have no problem with competition. I think it's good for Microsoft, VMware, Cisco and AT&T. It's just as good, and healthy, for IT publications. I do have a problem, however, with publications that either a) Outright lie, or b) Are woefully ignorant, and don't check facts before they publish something.

That has happened with a competitor of ours. Virtualization Journal has announced a print magazine that allegedly debuted today at JavaOne, a conference in San Francisco. Here's the critical part of their announcement:

"And now it will be available in print, on newsstands worldwide, as the first and only print publication serving Virtualization markets."

Hmmm. Let's see, our print magazine debuted in March. Theirs debuted in May. March, last I checked, is earlier than May. And our magazine is also in print. That would mean that their magazine is not the only print mag in existence covering virtualization. And not the first, either.

Welcome to the party, Virtualization Journal folks. There's room for others here. Just try to be more careful when you make such bold claims. Doing a little homework on the competition wouldn't hurt, either.

Posted by Keith Ward on 05/06/2008 at 12:48 PM


Quick Vs. Live Migration, Redux

Greg Shields is our "Virtual Architect" columnist, and he's awesome. His column on virtualization strategies for disaster recovery, coming in the May/June issue, is outstanding, and a must read. (Not a subscriber? Do something about it.)

Greg is also an author for Realtime, an online publishing company. He recently responded to a blog posting of mine that referenced a demo VMware published about Quick Migration, and how it drops TCP connections. VMware's point is that Quick Migration is inferior to Live Migration, which can move VMs from physical server to physical server without dropping connections.

Greg's key points:

"But, what is important about either Quick Migration or VMotion is that these sorts of hot migrations are typically reserved for one of two functions: Planned downtime and load balancing. With planned downtime, an extended outage like the one Keith discusses is likely to only occur during standard outage windows when users and their clients are less likely to be using the servers. Thus, Quick Migration's added delay shouldn't necessarily impact operations in this case.

The other case, load balancing, is harder. ESX when in fully automated mode can rearrange its load constantly throughout the day. In a Quick Migration world with extended outages like we currently see, this simply isn't going to work from an operations standpoint."

In a private e-mail, I took issue with Greg's assertion about planned downtime. Isn't the ability to plan your downtime during regular work hours, with full staff on hand, better than doing it at 3 a.m.? Greg responded, and I think what he wrote is thought-provoking (like most of what he writes):

"...The real conclusion of my argument is that you've got to weigh the cost against this benefit. I've never been a fan of "let's implement [insert tech here] because it makes my life easier as an admin". There's never been a great ROI for making admins' lives easier. If it benefits the users, or security, or configuration control, then yes. But if it only "makes the admins' lives easier", then it's not a good play.

At least that's been my recurring opinion.

Right now, VMware's something like $5K to $6K per dual-socket + the multi-thousand dollar cost for VC. Microsoft's effectively free per dual-socket + $500 for SCVMM Next. The affordability vs. return question is growing harder in my book."

Good points, all. But I would bring up two other objections. First, I've talked with several admins who say that a lack of Live Migration capabilities is an absolute deal-breaker for them, at any price.

The second point is that admins aren't saddled with just two choices. For instance, both Citrix, with XenServer, and Virtual Iron offer Live Migration in their products, and at significant cost savings over VMware. That's because they use Xen as the base hypervisor, and Xen includes Live Migration. Xen, you may know, is a free, open source hypervisor that has been included in various versions of Linux (both free and commercial) for years now. That means you can get Live Migration for nothing, if you're expert enough to use it.

So, you have choices -- many of them. Which ones are you considering? Let me know.

Posted by Keith Ward on 05/05/2008 at 12:48 PM


Feedback: Multiple Consoles OK

I recently asked you for feedback about the viability of a single console for managing your virtual and physical environment, vs. using more than one interface. Would it impact your buying decision, as an admin? Here's a thoughtful answer to that, by an admin out West who works for a local government and asked that his name not be used:

"Quick Answer: No.

We've been using VMware in our production environment for the past six months with a growing implementation. In my humble opinion it is not a big deal that I need to use Virtual Center for my VMs and other Microsoft tools for the physical boxes. Sometimes multiple simple tools are of more value than the monolithic approach where an admin can supposedly do all things. I must admit that I don't have any experience in the Microsoft VM environment. "

Interesting response. Microsoft, you may have read, just released a public beta of its Virtual Machine Manager, and it touts its ability to manage not only physical and virtual machines, but VMware's ESX hypervisor as well. The ability to manage more than just the physical is something Citrix pushes as well. Is it only a matter of time before VMware adds similar functionality? What do you think?

Posted by Keith Ward on 05/05/2008 at 12:48 PM


Virtual Machine Manager Beta Released

The latest beta version of Virtual Machine Manager 2008 was released today. It's a feature-complete beta, according to this blog entry by Hector Linares, a program manager with the Windows Virtualization team. VMM 2008 is a very, very important product for Microsoft: Management, in my estimation, is more important than the hypervisor when it comes to virtual environments. Microsoft has put a ton of resources into this, and this is the first look the general public has seen with all the features in place. It needs to hit a home run here.

For my money, the key feature of VMM is its cross-platform management capabilities. By that I mean, specifically, the ability to manage ESX from the VMM console. Here's an interesting comment from the blog posting:

"To provide VMware support directly in the console, VMM connects to Virtual Center's public web service APIs to provide support for most day-to-day administrative tasks on VMware, including VMotion."

This particular comment is interesting to me because of the recent back-and-forth between VMware and Microsoft about Live Migration (which VMotion offers) vs. Quick Migration (Microsoft's less-than-live offering). VMware is taking great pains to point out graphically that Quick Migration can result in dropped connections, and is, therefore, inferior to Live Migration, which migrates VMs with no downtime. Microsoft responded with a three-parter stating, basically, that "Yeah, connections are broken with Quick Migration, but it's no big deal because of how VMs are migrated in the real world."

That controversy aside, the big advantage of VMM 2008 over VirtualCenter, VMware's management tool, is the ability to manage both physical and virtual machines. You can't get physical with VirtualCenter, meaning an extra management console. Is this a big deal for you admins out there? I'd be very interested in hearing if this is an issue that would make you consider using VMM over VirtualCenter. And, Microsoft no doubt hopes, as long as you're using VMM, you might as well fire up Hyper-V also and see what it can do...

Posted by Keith Ward on 04/29/2008 at 12:48 PM


The Next Frontier: Data Virtualization

Executive Editor Tom Valovic and I took a briefing this morning with virtualization vendor xkoto. Xkoto does data virtualization focused around databases, offering (according to the company) better availability and performance, even with clustering solutions.

Its product is called Gridscale, a software appliance that works by changing the traditional active/passive roles of cluster servers and making every server active, resulting in an active/active environment. Normally, the passive servers in a cluster are hibernating, waiting for a failure to wake up and start working. Not so with Gridscale, which keeps all servers active and humming along. The company claims up to an 85 percent performance improvement with this arrangement, depending on the application and environment, of course.

Those are lofty figures; if you've used Gridscale, please let me know what kind of performance gains you're seeing.

Gridscale virtualizes the data infrastructure (it sits between the app and the database), so it doesn't matter whether the data is stored locally, on the LAN or in Timbuktu. It load balances the requests, ensuring consistent access to data. Since all the clustered servers are active, it also means that a server can be taken offline at any time for patching or maintenance, without affecting data access.

Another nice feature of Gridscale is that, unlike some clustered arrangements, it doesn't require matching hardware. You can use your older servers, your newer servers -- basically any server. You don't need a complete matching set of hardware to run it on.

Currently, Gridscale supports IBM DB2 on various Windows, Linux, Sun and IBM operating systems. Officials told us that support for Microsoft SQL Server, currently in closed beta testing, will arrive "later this year." Xkoto has worked very closely with IBM, and is developing a similar relationship with Microsoft, officials said in the briefing.

One thing that intrigues me about this technology is the potential for virtualizing databases. As you may know, many admins are loath to virtualize apps like databases. Their high I/O requirements normally don't make them good candidates, given the processing overhead virtualization adds. However, if there are significant database performance gains through use of Gridscale, that might overcome those well-founded fears.

If you're a DBA or otherwise have responsibility for data management or virtualization, is this something that might convince you to virtualize your databases? I'd be very interested to hear from you on this issue.

Posted by Keith Ward on 04/25/2008 at 12:48 PM


Risky Business

By David M. Lynch, Vice President of Marketing at Embotics

(Note: this is a guest blog from a virtualization vendor. We do accept guest blogs if the content is relevant to our readers, and no mention of a vendor's products is made in the blog. These have to be straight information, with absolutely no marketing spin or hype. Contact me if you would like to contribute. -- Keith Ward)

Anyone who has experienced server sprawl knows how expensive it is in terms of resources. But when it comes to the virtual world there is another aspect that must be considered -- security.

Many organizations treat virtual servers much as they treat physical servers, and while the two have a lot in common, there are some significant and risk-inducing differences.

Virtual Machines are Different

The first difference is subtle -- identity. A physical server has a specific identity tied to its hardware: the chassis, its serial number, the network cards it shipped with. A VM, on the other hand, not only lacks that physical identity but can be "cloned" at the click of a mouse, producing duplicates of the same server, right down to the identifiers the original carried.

This lack of verifiable identity makes it difficult to enforce corporate policies, or even recognize authorized VMs from unauthorized VMs. This potentially allows unauthorized or "rogue" VMs to creep into an environment unnoticed.

Another significant difference is mobility. Physical machines rarely move. Virtual machines, on the other hand, move a great deal, either through planned (or unplanned) maintenance, or through the agency of a growing number of software tools (e.g., load balancing tools that redistribute VMs based on host loads). VMs also tend to change state (e.g., powered on or off) more than their physical counterparts -- another aspect of mobility.

Traditional Control and Security Tools Do Not Work Very Well

Lack of identity and increased mobility create significant challenges for the traditional data center management tools. VMs can be counted more than once as they move through the environment, or not counted at all if they cannot be seen (i.e., are offline or just not visible).
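The two problems above, rogue or cloned VMs slipping into the estate and the same VM being counted twice (or not at all) as it moves between hosts, are both identity problems, and both yield to the same check: reconcile per-host inventory against a registry of authorized identities instead of trusting a per-host head count. The following is an added example, not code from Embotics or any virtualization vendor; it assumes each host can export its VM list with name, UUID, MAC and power state (every mainstream management API can), and that the organization keeps a registry of approved VM UUIDs. All identifiers and snapshots are constructed.

```python
"""Reconcile VM inventory snapshots against an authorized-VM registry.

Added example, not code from Embotics or any virtualization vendor. It assumes
each host can export a list of (name, uuid, mac, power state) records and that
the organization keeps a registry of authorized VM UUIDs. All identifiers
below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class VmRecord:
    host: str
    name: str
    uuid: str
    mac: str
    state: str  # "on" or "off"


# Constructed registry: UUIDs the organization has approved.
AUTHORIZED = {
    "6f3c-0001": "web01",
    "6f3c-0002": "db01",
    "6f3c-0003": "archive01",  # powered off; no host reports it
}

# Constructed snapshots taken from three hosts at roughly the same moment.
SNAPSHOTS = [
    VmRecord("esx-a", "web01", "6f3c-0001", "00:50:56:aa:00:01", "on"),
    VmRecord("esx-b", "web01", "6f3c-0001", "00:50:56:aa:00:01", "on"),  # same VM, migration in flight
    VmRecord("esx-b", "db01", "6f3c-0002", "00:50:56:aa:00:02", "on"),
    VmRecord("esx-c", "db01-copy", "c0de-0099", "00:50:56:aa:00:02", "on"),  # clone: new UUID, kept MAC
    VmRecord("esx-c", "test-box", "9e11-7777", "00:50:56:aa:00:09", "on"),  # never registered
]


def reconcile(snapshots, authorized):
    """Return a report keyed on identity rather than on per-host rows."""
    by_uuid = defaultdict(list)
    by_mac = defaultdict(set)
    for rec in snapshots:
        by_uuid[rec.uuid].append(rec)
        by_mac[rec.mac].add(rec.uuid)

    return {
        # A naive census counts rows; the real population is distinct UUIDs.
        "naive_count": len(snapshots),
        "unique_count": len(by_uuid),
        # Same UUID reported by several hosts: a migration caught mid-flight
        # or a clone that kept the source UUID. Either way it needs a look.
        "duplicates": {
            u: sorted(r.host for r in recs)
            for u, recs in by_uuid.items() if len(recs) > 1
        },
        # UUIDs nobody approved.
        "rogue": sorted(u for u in by_uuid if u not in authorized),
        # Approved VMs no host reports (offline, deleted or simply not visible).
        "missing": sorted(u for u in authorized if u not in by_uuid),
        # One MAC shared by different UUIDs: a clone that regenerated its UUID
        # but kept the NIC, which also defeats MAC-based network policy.
        "mac_collisions": {
            m: sorted(us) for m, us in by_mac.items() if len(us) > 1
        },
    }


if __name__ == "__main__":
    for key, value in reconcile(SNAPSHOTS, AUTHORIZED).items():
        print(f"{key}: {value}")
```

Run against the constructed data, the naive head count says five servers while the registry says three are approved and four distinct identities exist; the report separates the migration in flight from the clone and the unregistered VM, and surfaces the powered-off machine no host can see. Running this on a schedule and diffing the reports is what gives an auditor the "control over the whole audit period" the post describes, rather than a snapshot.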

Traditional Security Solutions Do Not Work Very Well

Some of the problems that you have already solved in the data center can become "unsolved" in the virtual world. For example: traffic between VMs on the same host traverses only the host's virtual switch and never reaches a physical NIC or a switch SPAN port, so it is invisible to the "outside" and consequently not inspected by malware checkers or IPS/IDS systems, creating "points of invisibility".

Some security systems need to know what they are protecting and where it resides. This works well when things do not move, and poorly in a mobile environment.

VM management Tools Do Not Track VMs

Most of the VM management tools provided by virtualization vendors focus on what the environment looks like in real time. Frequently the management and tracking of VMs is done manually, making it prone to error and difficult to audit, and expensive to produce adequate reporting.

Compliance Standards Can Be Compromised

Data protection and application separation standards can be difficult to maintain in a virtual environment where the servers are mobile. They may be deployed correctly with care, but they will not necessarily stay where you put them.

For the most part, corporate IT auditors are not aware of the differences between physical and virtual servers. But when they do become aware, you will need to show that you are in control at the time of the audit, while also demonstrating control over the whole audit period. Do not wait until they are breathing down your neck before considering the risks detailed here.

Posted by Keith Ward on 04/24/2008 at 12:48 PM


Virtual Iron Gets a Refresh

Virtual Iron has released a point upgrade of its virtualization software, Virtual Iron 4.3. The big news in this upgrade is support for Windows Server 2008, Microsoft's newest server OS. Another cool feature is LiveUpgrade, which Virtual Iron says lets you upgrade from 4.2 with no VM downtime (just remember to take snapshots first!)

Virtual Iron is a very interesting company, almost uniquely situated in the virtualization space. It offers mature, strong management tools on top of its Xen hypervisor, and several analysts I've spoken with like its products very much. Virtual Iron goes hard after SMB customers, which it sees as its niche currently. That doesn't mean it can't be used in enterprises, but it markets itself and its products as a good fit for smaller virtual deployments.

It's also been around awhile, as you can see from the version numbers. The company is growing steadily, and definitely encroaches on VMware's territory. Virtual Iron is often not mentioned in discussions of hypervisors and management tools, where most of the press is hogged by VMware, Microsoft and Citrix.

Don't let that fool you, though; this isn't a here-today-gone-tomorrow operation. The company does fly somewhat under the radar, but is a worthy competitor in the field. If you're in the planning stages of your virtualization efforts, you would do well to put them on your list of companies to evaluate (full disclosure -- I have no financial or other relationship with Virtual Iron, other than covering the company as a journalist.)

Are you using or considering Virtual Iron? If so, let me know.

Posted by Keith Ward on 04/24/2008 at 12:48 PM


AMD Announces Deals With Dell, VMware

Virtualization is one of the very few areas within IT in which the hardware and software are equally important. There's lots of virtualization software, and at the same time, a growing amount of virtualization-tuned hardware on which to run it.

Chip maker AMD is making some new inroads into the virtualization space, announcing that Dell is carrying its brand-new Quad-Core Opteron procs, and also that it has certified those same chips to work with VMware's ESX and ESXi hypervisors.

The new Opteron chips will be available in a number of Dell's servers, including the PowerEdge 6950, SC1435 and 2970, and the M605 blade server. There's a new SMB server offered as well, the PowerEdge T605 tower. All except the T605 are two-socket servers; with quad-core procs, that gives the virtualization environment eight processors' worth of resources.

The Opteron features Rapid Virtualization Indexing (RVI), AMD's nested page tables: the processor itself translates guest-physical addresses to host-physical addresses, work the hypervisor previously had to do in software by maintaining shadow page tables. That removes much of the memory-management overhead of software virtualization, enabling applications that IT might have previously been hesitant to virtualize, like databases, to gain the advantages of virtualization.

AMD's Tim Meuting said in a previous briefing on the Opteron that RVI "enables some of those apps to work better and enables customers to implement them. Internal benchmarks show that depending on the solution, you might see anywhere from 15 to 100 percent improvement" in performance over processors that don't use RVI.

Posted by Keith Ward on 04/22/2008 at 12:48 PM


Quick Migration: Not Quick Enough?

Blip.tv has a graphic demonstration of what you could be in for with Microsoft's Hyper-V in terms of Quick Migration. In Microsoft's world, Quick Migration means that when you move a VM from one physical server to another, it happens almost -- but not quite -- instantly, with minimal downtime. In fact, the VM does go offline, if only for a short time. On the other hand, VMware's live migration, VMotion (available with ESX and ESXi), moves the running VM with no perceptible downtime and no loss of connections, data or state.

Now, the first thing to note about this video is the source -- it's from "VMware TV." That will give you a clue, from the outset, that this might be a setup for failure.

With that caveat in mind, it's a fascinating demo. It shows a Quick Migration of a Windows Server 2003 VM from one physical machine to another. At the same time, a Microsoft Dynamics client is trying to access a database residing on the VM. Through a constant ping of the VM, we can see a) that the connection to the VM is dropped for a time, and b) how the Dynamics client fails in its attempt to get the database information (an error box pops up, showing a TCP failure). Shortly thereafter, another popup informs us that the VM has actually been deleted! It's re-started a few moments later. In addition, a network file copy that was initiated on the VM also failed during the Quick Migration.

The video is, naturally, a worst-case scenario, but from what I saw, it could (and will) happen sometimes. The question for those considering Hyper-V is whether these types of interruptions would happen often enough to impact your business. After all, the Dynamics client will retrieve the information after the migration is done, so it's not like you'll never be able to access it (after the user re-initiates, though. That's an aggravation). Same with the file copy; just re-start the copy after the VM restarts. You won't have to wait a day, an hour, or even five minutes to do the task; but you will have to start it all over again.
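The question of whether the gap matters is one you can answer for your own workloads rather than take from either vendor's video: probe a TCP port on the VM at a fixed interval while you migrate it, then measure how long the service was unreachable and how often. The following is an added example, not VMware's or Microsoft's tooling, that does exactly that; the probe and loop are generic Python, and the sample timeline at the bottom is constructed to stand in for a real capture so the analysis can be exercised offline.

```python
"""Measure the reachability gap a VM migration causes, from TCP probe results.

Added example, not VMware's or Microsoft's tooling. A probe loop connects to a
TCP port on the VM at a fixed interval while the migration runs; the analysis
turns those results into outage windows so the gap can be compared against
what the application tolerates. The sample timeline is constructed.
"""
import socket
import time


def tcp_probe(host, port, timeout=0.5):
    """One connection attempt; True if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def monitor(host, port, duration, interval=1.0):
    """Probe for `duration` seconds and return [(elapsed_seconds, ok), ...]."""
    samples = []
    start = time.monotonic()
    while True:
        elapsed = time.monotonic() - start
        if elapsed >= duration:
            break
        samples.append((round(elapsed, 1), tcp_probe(host, port)))
        time.sleep(interval)
    return samples


def outage_windows(samples):
    """Collapse consecutive failed probes into (start, end, seconds) windows.

    `end` is the time of the first successful probe after the run. A window
    still open at the last sample is reported with end=None: a migration that
    never completed looks the same as one still in flight, and both matter.
    """
    windows = []
    down_since = None
    for t, ok in samples:
        if not ok and down_since is None:
            down_since = t
        elif ok and down_since is not None:
            windows.append((down_since, t, t - down_since))
            down_since = None
    if down_since is not None:
        windows.append((down_since, None, None))
    return windows


def summarize(samples):
    """Headline numbers for a migration run: how often, how long, and did it recover."""
    windows = outage_windows(samples)
    closed = [w[2] for w in windows if w[2] is not None]
    return {
        "probes": len(samples),
        "failed": sum(1 for _, ok in samples if not ok),
        "outages": len(windows),
        "longest_seconds": max(closed) if closed else 0,
        "still_down": any(w[1] is None for w in windows),
    }


# Constructed timeline (not a real capture): one probe per second, the VM is
# unreachable from t=5 through t=12 while it is saved, moved and restarted,
# and there is a second one-second blip at t=16.
SAMPLE = [(t, not (5 <= t <= 12 or t == 16)) for t in range(20)]


if __name__ == "__main__":
    # For a live run: samples = monitor("vm.example.internal", 1433, 120)
    print(outage_windows(SAMPLE))
    print(summarize(SAMPLE))
```

Run a live capture at the application's own port (1433 for a SQL Server behind a Dynamics client, for instance) rather than with ICMP ping: the ping in the demo tells you the address came back, while a completed TCP handshake tells you the service did. Compare `longest_seconds` with the client's connection timeout and you have an answer for your environment instead of an argument.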

My assignment/question to you: watch the demo, and tell me what you think. Does this impact your thinking on the validity of Hyper-V in your environment? Why or why not? I'll post your feedback, unless you specifically ask me not to.

Posted by Keith Ward on 04/20/2008 at 12:48 PM
