Avastu Blog: Sustainable Global Clouds

EWeek's labs picked up some neat collection of VMware's virtual appliances. Although I don't seem to read anywhere what the criteria might have been, it is important to note that these appliances are a security/application centric collection, I haven't been visiting the marketplace for some time so do go there and check out some stuff there. They have a huge collection out there. Here's EWeek's top 5

Ed has some good tips. Last time I spoke to Ed, I got to understand that he's on to a lot more things such as writing a book and some toolkit. Mike Hoesing has beaten him to it there since his book on Virtualization Security is already up there on Amazon. I am looking forward to Ed's book as well though. Anyways, like I said, last when I spoke to Ed was about pushing the virtualization security initiative here in the EMEA. I have spoken to several little and bigger players, including our own large team ("our" as in my employer ) of some 500+ security experts,who are doing lots RA's for firms across the globe. Anyways here's Haletky's article: The roles and permissions within the VI Client do not necessarily map to users and groups within the service console or management appliance. Roles and permissions are quite a bit different actually and do not always map one to one. When you directly connect the VI Client to a VMware ESX or VMware ESXi host you will ...

As a first step in the companies' expanded relationship, VMware would work with HP to integrate HP BTO software with VMware vCenter Lab Manager, which provides self-service access to a library of pre-configured virtualized application environments, allowing teams of users to check out systems on-demand while IT maintains administrative control. With Lab Manager, organizations can reduce hardware costs, automate manual provisioning tasks, and accelerate application development and test cycles. In addition, VMware and HP would jointly develop and bring to market enhanced virtualization management offerings for VMware vCenter and HP BTO customers based on the HP BTO application and infrastructure discovery technologies (HP Discovery and Dependency Mapping) to better manage their VDC-OS environments. A VDC-OS enables businesses to efficiently pool all types of hardware resources (including servers, storage and network) into an "internal enterprise cloud" that acts like a sin...

STORServer introduced an upgrade to its STORServer Agent for VMware Consolidated Backup, designed to increase usability and performance. Highlights of these upgrades include a new license server and online help system. Introduced in September 2007, the STORServer Agent for VMware Consolidated Backup integrates IBM's Tivoli Storage Manager and VMware Consolidated Backup. To address the challenges of protecting VMware environments, the Agent improves the usability of Consolidated Backup by providing centralized management, reporting and scheduling of virtual machine backups and eliminates cumbersome pre- and post-processing integration scripts. The Agent includes an easy to use graphical user interface for the management and reporting of virtual machine backups; a scheduler; and a database containing client configurations, logs and scheduling information. Source

“VMware is pleased to see Symantec deliver solutions like VCS for high availability that integrate with and complement the value of VMware virtualization for customers and reinforce the importance of a strong partner ecosystem that helps differentiate VMware virtualization,” said Shekar Ayyar, vice president of infrastructure alliances at VMware. “We look forward to continued collaboration with Symantec to enable support for VCS for VMware users and improve the experience for joint customers through initiatives such as the TSANet-based cooperative support agreement announced today.” The collaborative support initiative between Symantec and VMware through TSANet delivers highly trained support expertise to solve customers’ high availability needs. Already a global member of TSANet, Symantec has now joined a cooperative support community for virtualization established by VMware earlier this year to promote collaboration to deliver mission-critical support for joint enterprise customers....

NetWrix has some cool things going with their Change reporter for both VMware and Microsoft's SCVMM. VMware was launched recently. Change auditing is an important process for controlling the management of your virtual environment, to limit unauthorized changes and errors in VI3 inventory. Erroneous and unauthorized changes usually occur every day in organizations in which many IT professionals manage different aspects of virtual infrastructure. Such changes can cause failures and outages in your virtual infrastructure and significantly contribute to virtual machine sprawl. NetWrix Change Reporter for VMware Infrastructure 3 audits all changes and enforces controlled change management processes across your virtual environment. This freeware tool sends a daily report pointing to every change made to your ESX servers, folders, clusters, resource pools, virtual machines, and their hardware (*), including previous and current ("before" and "after") configuration valu...

Eventually it all comes down to cash and selling power. VMware has been having trouble selling purely because it just doesn't have the kind of DNA and animals in their shops who are as capable of selling the products for recessionary times. Of course, you can sell when the times are good. You can also sell when people are in dire need to replace hardware and want to cut costs, but how can you sell if those IT managers and CxOs start asking you questions such as: o Why should I invest in this new technology? o Why should I not just consolidate my systems traditionally, bung all web servers on one big fat server and create application pools, bung all the DBs into one and create multiple instances? o Why must I train my staff when I barely have cash to train them on apps? You know how it goes, these questions have never stopped coming, and in harder times it gets harder, we all know it. All these messages are being sent out to all employees across the globe. But... You can still sell....

DoD guys and all the other folks who are building expertise around the security which they have gained while building a secured VMware environment by design, are also being exposed to the ones that can play potential havoc in your environments, should you not take security into account when designing and operating your virtual environments. Ask yourself the following: Do you know that such malicious attacks are not taking place in your environment? Do you know if there is some sort of control in your environments? How many of you have successfully deployed a CCP that makes your ESX complaint or atleast anywhere close to being SOX/PCI DSS 1.x standards? You must be able to control, authorize and demonstrate on your sense of control on these environments, can you do it? Are you doing any sort of assessments in your environments, especially Virtual Infrastructures be it Oracle VM, VMware ESX, Citrix Xen, Xen or whatever? Are some or any of your virtual platforms registered within your cen...

Well, according to the Fools and also VMware's own staff, this Transitive was a great firm for a potential acquisition. Read on... You blew it, VMware (NYSE: VMW ) . Or maybe you didn't. But whatever the behind-the-scenes machinations, virtualization toolmaker Transitive is now in IBM 's (NYSE: IBM ) hands. (Big Blue acquired the firm last week for an undisclosed sum, Computerworld reports.) Transitive should have been yours, VMware. Here's what your team said about the company in a blog post from May, ahead of the digital VMworld.com conference: Transitive does something quite interesting -- they can dynamically translate from one machine architecture to another. This can be quite complementary to VMware and our flavor of virtualization. You can, for instance, take your apps compiled for the Solaris/SPARC platform, move them to your new x86 box running ESX and Linux and go to town. IBM's interest is easy to understand. Transitive's code is baked i...

Well these are rather grim news from a security standpoint. VMware's Determina's acquisition and its rather dubious Bluelane acquisition, where no one apparantly made any profit, are putting VMware under solid pressure. I really don't know if all this is because of the restructuring within VMware or merely that some other shift is going to happen. VMware surely is on some rather contradictory paths given that it is under tremendous pressure from the security community to provide some solid answers around Security and Compliance. VMware has made progress around the PCI DSS participation but strategically it is on the losing side. Bluelane's acquisition has left a lot of people with some bitter taste in their mouths. Speaking to a Bluelane employee, who wished anonymity, there was a lot at play since Feb 2008. during Cannes VMworld, some sort of deal was struck to buy Bluelane, VMware too placed its bets but didn't end up committing till the very end. Bluelane languis...

The head of VMware's security group has left to join San Francisco's OpenDNS, a startup that provides Internet infrastructure services. Nand Mulchandani took over as CEO of the DNS (domain name system) service provider on Nov. 5, replacing founder David Ulevitch, who will remain as the company's chief technology officer, according to a company spokeswoman. Mulchandani is the latest VMware executive to depart after company co-founder and CEO Diane Green was ousted in July of this year. In September another VMware co-founder, Chief Scientist Mendel Rosenblum, resigned. Richard Sarwal, who led the company's research and development efforts, also left around the same time. Mulchandani had been with VMware just over a year, after the virtualization software vendor acquired his security company, Determina. As VMware's senior director for security products, Mulchandani was in charge of VMware's security strategy, considered critical to the company's future success....

Nice read, this doc. In a native system the operating system maintains a mapping of logical page numbers (LPNs) to physical page numbers (PPNs) in page table structures. When a logical address is accessed, the hardware walks these page tables to determine the corresponding physical address. For faster memory access the x86 hardware caches the most recently used LPN->PPN mappings in its translation lookaside buffer (TLB). In a virtualized system the guest operating system maintains page tables just like in a native system, but the VMM maintains an additional mapping of PPNs to machine page numbers (MPNs). In shadow paging the VMM maintains PPN->MPN mappings in its internal data structures and stores LPN->MPN mappings in shadow page tables that are exposed to the hardware. The most recently used LPN->MPN translations are cached in the hardware TLB. The VMM keeps these shadow page tables synchronized to the guest page tables. This synchronization introduces virtualization over...

When the decision was made to go with VMware at ManageNet Hyper-V was not ready for production environments. The company had also considered Virtual Iron, but was not confident in the level of local support compared with VMware. Dell wins in the end Despite their differences in virtualisation software selection, both companies at least have one thing in common - Dell. UXC purchased Dell rack-mounted servers and blades for its new infrastructure build out and ManageNet commissioned iSCSI storage systems from the Dell-owned EqualLogic. Rick Becker, Dell's vice president for software and Solutions, said internally the company migrated 326 PowerEdge 2650 servers to 21 blade servers saving an estimated US$800,000 in operating expenses. "We believe by adopting technology and negating the need for server space we will never need to build another data centre," Becker said. Source

LITTLETON, MA--(Marketwire - November 19, 2008) - Akorri, Inc., the leader in performance and capacity management for the virtualized data center , today announced the availability of the BalancePoint™ Plug-In for VMware vCenter -- a new capability sold with its award-winning BalancePoint software solution that allows VMware administrators to use BalancePoint directly from their VMware vCenter console, simplifying the management of virtualized environments. "The BalancePoint Plug-In for VMware vCenter provides 'single pane of glass' management of a virtualized data center from within the vCenter console," said Jeff Boles, Sr. Analyst, Taneja Group. "BalancePoint complements the element management aspects of vCenter by providing end-to-end performance management for all virtual and physical infrastructure components. This type of detailed insight goes well beyond basic utilization monitoring, and is absolutely critical to companies when they virtualize busines...

Setting up and properly configuring your ESX and ESXi hosts isn’t difficult. But over time, things can change. How do you know which hosts are still configured as intended, and which have "drifted"? Veeam Configurator helps to ensure that your ESX server configuration complies with corporate policies and standards across your entire VMware Virtual Infrastructure 3 (VI3), boosting administrator productivity in the areas of host configuration and configuration management. Veeam Configurator 2.0 automatically discovers ESX and ESXi configurations across the enterprise and creates Veeam host profile templates. These templates can then be applied to groups of VMware hosts, and periodic scans can uncover inconsistencies and allow administrators to enforce defined templates to ensure policy compliance. The templates can also be used to quickly provision a new or re-build an existing ESX host. With Veeam Configurator, administrators can quickly and easily ...

This is an interesting article. Maritz is on the move. "In technology, if you stand still, eventually your value proposition evaporates," he says, holding forth in a sunlit conference room at the company's Palo Alto (Calif.) headquarters. On Nov. 10, VMware announced it had bought the French company Trango Virtual Processors , moving it into the market for software that powers mobile phones. In late October the company launched its first advertising campaign, featuring customer testimonials. Even competitors say Maritz is already making his mark. "He's a great hire for VMware," says Marc Benioff , CEO of Salesforce.com. "He understands where VMware should go." Next stop: an ambitious project called the "Virtual Data Center Operating System," a complex piece of software that promises to help companies make their IT operations even more efficient by acting as a traffic cop among their hundreds of servers, disk drives, networking devices,...

Paris, 10 November 2008 - Atos Origin, an international IT services company, today announced that it will become a VMware global IT partner to address the growing demand for adaptive virtualization services*. The relationship will enable Atos Origin to deliver end-to-end virtualization services to customers during IT transformation phases. As a result, customers worldwide will have access to a broad portfolio of industry-leading virtualization solutions, which can increase IT agility while reducing capital, operating and energy costs by up to 80 percent through effective implementation of adaptive virtualization services. “Virtualization is the highest-impact issue changing infrastructure and operations through to 2012. It will change how you manage, how and what you buy, how you deploy, how you plan and how you charge. It will also shake up licensing, pricing and component management.” (Gartner, Inc., “Virtualization changes virtually everything,” by Philip Dawson, T...

Nice writeup this. I would too like to test it out, if I ever get the time. Introduction As a demo/test I wanted to build a complete SRM setup with both sites being protected. This requires two SRM installations and configurations and two replicated LUN’s. Since I am rather limited in available hardware at the moment, I needed to run every component in a virtual Machine on a single laptop. Luckily, LeftHand Networks has a virtual SAN appliance, which actually is supported by VMware SRM. This way, I can use a supported SAN, and still use ony one laptop. All used software (VMware ESX, vCenter, LeftHand VSA and Microsoft SQL Server Express 2005) are available for free (or as evaluation software). Hardware and host software I’m running all this on a Zepto Znote 6324W with a Intel Core 2 Duo T9300 (Penryn, 2,5Ghz with Intel VT and Execute Disable Bit), 4GB of RAM and a 200GB 7200RPM SATA2 hard disk. This laptop is running Microsoft Windows Server 2008 (64-bits), with VMware Workstatio...

Good to see VMware addressing the issue immediately. This is the one I also mentioned [briefly explained] when explaining the Rings and methods of deprivileging that are used to host guest VMs on a platform, in my last BrightTalk Summit talk. VMware products emulate hardware functions and create the possibility to run guest operating systems. A flaw in the CPU hardware emulation might allow the virtual CPU to incorrectly handle the Trap flag. Exploitation of this flaw might lead to a privilege escalation on guest operating systems. An attacker needs a user account on the guest operating system and have the ability to run applications. VMware would like to thank Derek Soeder for discovering this issue and working with us on its remediation. Source

Saw at Brian's site : Apparently VMware bought some technology from a company called Trango Virtual Machines last month which they're launching today as the "VMware Mobile Virtual Platform" (VMware MVP). The point of this is not so a user can run multiple VMs on a mobile device at the same time, but instead so that different types of phones can run the same OS image. (In this case, the Trango hypervisor or whatever you call it would "scrub" and hide the details of the hardware from the mobile phone OS.) The problem today is that each time a new mobile phone is designed, the OS of that phone has to be modified to work with that device's specific capabilities and hardware. With VMware MVP, the phone maker could install just the low-level realtime stuff on the phone (call handling, DRM, etc.), while the actual OS that the user interacts with could just be snapped in as a VM. This means that games, ring tones, email, address books, photos, and all the othe...