virtualization.info

In July 2008, the VMware Board of Directors voted to remove the founder Diane Greene as CEO of the company. Greene was offered another position that she declined, leaving the company that she created and led through one of the most impressive IPO in the IT history.

Two months after her departure, his husband Mendel Rosenblum, left too.
Rosenblum co-founded VMware and was the Chief Scientist declining the company vision.

The board immediately replaced her with Paul Maritz, a long-time Microsoft executive that joined the EMC ecosystem after his startup Pi was acquired in February 2008.
Under the Maritz leadership VMware took an unexpected direction, extending beyond virtualization and cloud computing, to the realm of development frameworks and software-as-a-service applications.

Now Diane Greene is back on the IT scene, as TechTarget reports.
Greene appears as investor in a startup called Nicira, along with Andy Rachleff, Partner at Benchmark Capital.

Nicira, founded in early 2009, is in stealth mode at the moment but its website is clear about its mission to virtualize networks.
The company is managed by Steve Mullaney, who comes from Palo Alto Networks and Blue Coat Systems, where he was Vice President of Marketing.

That doesn’t mean that we’ll see Diane Greene leading another virtualization startup like she did with VMware, but it certainly means that Nicira may have some potential that may be worth to see in action.

Update: Nicira, formerly Nicira Networks, seems to be working on a “Network Operating System” or NOX.

A number of employees, along with Stanford and Deutsche Telecom researchers, in fact published a couple of research papers (one and two) about this topic in late 2009.

In the documents the team advocates the need for a centralized programmatic interface to observe and control large scale networks.
The NOX would provide such API while 3rd party vendors would build applications that leverage the API.

This suggests that Nicira may want to provide the NOX code as open source, playing a role as major contributor, while developing commercial applications on top of that.
This is a typical approach that has been proven successful in the virtualization market at least two times: with XenSource (maintaining Xen and selling XenServer), acquired by Citrix, and Qumranet (maintaining KVM and selling SolidICE), acquired by Red Hat.

A NOX-powered network relies on OpenFlow switches, a server running the NOX controller and a database:

Labels: Leadership, Nicira, VMware

At the end of January Microsoft silently updated its Linux Integrated Components package to version 2.0, introducing the long awaited support for Red Hat Enterprise Linux (RHEL) guest operating systems in Hyper-V.

Microsoft announced future support for Red Hat operating systems in July 2009, since the open source vendor joined the Server Virtualization Validation Program (SVVP).
Customers had to wait no less than seven months to finally have a version of Hyper-V Linux Integrated Components that supports RHEL 5 (including 5.2, 5.3 and 5.4 versions, both 32 and 64bit).

Like for Novell SUSE Linux, Microsoft doesn’t include in the package the optimized drivers for mouse. To have those customers need to rely on Citrix, which is offering them as open source through the Project Satori.
On top of that Linux Integrated Components still only supports Linux virtual machines with a single virtual CPU.

In July 2009 Microsoft also released the package as open source, and despite the drama behind that launch, the move should guarantee that every major Linux distribution will be included over time.
Let’s just hope that the process will not take seven months for every distribution out there.

Thanks to HyperVoria for the news.

Labels: Microsoft, Red Hat

Leostream announces today a new minor version for its Connection Broker that arrives over five months after the 6.2 release.

In this update the company introduces a number of new features:

• support for the open source version of Xen (the one released by Xen.org)
• support for Sun Secure Global Desktop Software
• support for Ericom Blaze (which comes from the technology partnership signed in November 2009)
• a web client to access virtual desktops over HTTP/S connections
• control over the remote desktop protocol used by remote clients when multiple protocols are available
• a more granular set of roles and permissions that separate end users and administrators rights

While every feature above is welcome, the most interesting one is the support for Sun SDG.
The Oracle acquisition of Sun, and its declared intention to continue investing in the existing virtualization portfolio, is translating into new opportunities for those vendors that are struggling to compete with VMware in its own domain. And competing against VMware View can be pretty hard these days.

Labels: Leostream, Releases, VDI

A couple of weeks ago Citrix published a new architecture blueprint for its VDI platform XenDesktop.

The 38-pages document provides guidance to design scalable virtual desktop infrastructures based on Microsoft Windows Server 2008 and SQL Server 2005, Citrix Provisioning Server 5.1 and of course XenDesktop 4.0 (which includes the hypervisor and XenApp 5).

In this paper Citrix doesn’t push for the adoption of XenServer 5.5 but highlights that XenDesktop is hypervisor agnostic and can work with VMware vSphere and Microsoft Hyper-V as well.
The company doesn’t even detail if and how different hypervisors will impact the scalability of this architecture but it offers some reference metrics in case you plan to use XenServer.

Labels: Citrix, Papers, VDI

Last month VMware lost Ganesh Mahabala, its Regional Director for India and SAARC region, CRN reports.

Mahabala has worked in VMware for almost three years and now has joined the system integrator Valuepoint Systems.

This is the third major change in the Indian executive team that virtualization.info reports.
In July 2009 VMware hired T. Srinivasan as its new Managing Director and in October 2009 Shrimathi Ambastha as its Director of Technology.

Labels: Leadership, VMware

At the beginning of January Microsoft launched its Platform-as-a-Service (PaaS) cloud computing offering: Windows Azure.
Despite the company’s Chief Architect Ray Ozzie said that Azure will be able to compete with Amazon EC2 and similar Infrastructure-as-a-Service (IaaS) clouds, this component is not yet accessible, or at least we couldn’t find it, and Microsoft didn’t even officially confirm it exists.

A couple of months ago virtualization.info suggested that the IaaS component of Azure may appear in March, because Microsoft is going to release a cloud toolkit that month. 
It seems that Azure will indeed start hosting virtual machines in March 2010 according to TechTarget:

…Microsoft has announced plans to add support for Remote Desktops and virtual machines (VMs) to Windows Azure, and the company also says that prices for Azure, now a baseline $0.12 per hour, will be subject to change every so often.

Prashant Ketkar, marketing director for Azure, said that the service would be adding Remote Desktop capabilities as soon as possible, as well as the ability to load and run virtual machine images directly on the platform. Ketkar did not give a date for the new features, but said they were the two most requested items…

The quoted part of the article doesn’t mention the timeframe that was originally published but somebody has been fast enough to quote it:

Microsoft is expected to add support for Remote Desktops and virtual machines (VMs) to Windows Azure by the end of March, and the company also says that prices for Azure, now a baseline $0.12 per hour, will be subject to change every so often…

March or not, Microsoft has acknowledged once again that Windows Azure will host virtual machines. This will put the company in direct competition with Amazon and VMware on the public/private cloud front.

If Microsoft can host a significant number of companies on Azure, it may improve the market perception around Hyper-V. Additionally, customers that will be able to experience and judge the Microsoft approach to cloud computing without running expensive pilots, may build confidence in a Hyper-V powered private cloud.

It’s likely that VMware will answer by launching its project Redwood and showing what happened to those $20 million invested in Terremark.

Labels: Cloud Computing, Microsoft

At the end of January VMware revealed that is working to increase its virtual machines density up to 16 VMs per core, mostly for VDI environments. That is twice the average amount of VMs that customers seems able to accommodate today, and VMware suggested that this record depends on new Intel Xeon 5500 (codename Nehalem) CPUs.

Anyway, that number came out during an interview, with no additional details, so there’s a lot of analysis to do before getting excited.
Nonetheless, the claim generated much interest (and skepticism), at the point that Citrix decided to answer.

The company says that it can cram into a single physical server up to 125 virtual desktops (and 500 hosted shared desktops and 5,000 local streamed desktops) with XenDesktop 4.0 and the Xeon 5500 CPUs.

Now, even if we know that Nehalem CPUs have four cores each, Citrix is not saying how many CPUs are powering this single server. We assume it’s a two socket system, which would mean 16 VMs per core.
The difference is that VMware seems to expect such density in future versions of View, while Citrix is claiming that it can deliver it today.

Can the two companies qualify these statements please?

Update: Citrix promptly answers with details: 130 Windows XP desktops on a 72GB, dual socket, quad-core Intel Xeon x5570 (codename Nehalem) host, running XenServer 5.5 and XenDesktop 4.0.

Citrix measured the density using the independent benchmark framework called Project Virtual Reality Check, which already raised a lot of attention exactly one year ago, when it was used to compare performance of VMware ESX, Citrix XenServer and Microsoft Hyper-V for Terminal Services and VDI workloads.

Labels: Citrix, VDI

A number of things can be said about virtual appliances (VAs). For a start, they can be a powerful vector to quickly deploy applications without the burden of setting up a possibly complex environment, giving a kick-start to a project or testing new products in a timely fashion.
Virtual appliances are being also marketed as a mean to reduce hardware proliferation for uni-tasker machines, something small and medium enterprises are quickly growing tired of.
However, since in this column we're addressing security issues in the virtualization domain, that's where we're going to focus.

In my experience, vendors and customers are thinking about virtual appliances more in terms of software than of standard, hardware appliances. Maybe it's a psychological effect - you can download and copy software and virtual appliances, not metal boxes - or maybe it's due to conscious marketing efforts.
However, I’m assuming this is a widespread mindset: this perception is quite important, having an impact on at least two of the four topics we are going to present in this article.

Trust
By downloading a virtual machine you are implicitly trusting the vendor, hoping that the virtual machine
won't bring worms, viruses or backdoors in your network. The very same thing, however, has always been true for any software or appliance you bring inside your environment. What's different here?
Once again, it's subtle yet important: the approach.

No enterprise is likely going to bring a physical appliance inside its network before a certain degree of trust had been built with the vendor. What about standalone software, then? Think about antivirus and their heuristics, think about personal firewalls, think about sandboxes: many technologies can somehow mitigate the impact of any given malware, or at least make it less stealth. However, as of today we're lacking such mitigation techniques when it comes to virtual machine: even a skilled analyst would have a very hard time analyzing a whole virtual machine - compare it to the well-established literature on malware analysis under Microsoft Windows.
In the end, running a virtual appliance inside your network is more an act of trust than just installing a software or deploying a hardware appliance.

Management and update
virtualization.info already noted, in a post more than three years ago, how operating system and application stack patching potentially is a critical issue when it comes to virtual appliances. After three years one can easily see how many virtual appliances available for download are running outdated operating systems or services, thus confirming our thesis once again: a VA is not a software, it's a full stack, and thus it requires a completely different "patch and management" effort from ISVs.

Control
Controlling what's going on inside a virtual machine is actually something different than just checking for
malware or malicious behavior. It means knowing what is inside the VA, what it is storing and where.
It's not unlikely that, at some point in the future, an ISV is going to ask the customer to "send back home" the virtual machine files, instead of just sending logs for debugging purposes. Some ISVs are already producing "cleanup scripts", which have to be run on a clone of the virtual machine to delete any personal information in order to safely send the machine back home. However, we're speaking about a full-blown system, which is very difficult to completely sanitize. Even VMware is having issues sanitizing its own virtual appliances, and this should tell a lot about what we can expect from this path.
Every time we use a VA we must remember it's not just a software, abstracted from the operating system: it's a full blown machine, and this makes a difference from a security perspective.

There is yet another issue which I named "The clone wars".
Any VA is the same all around the world: all customers are using the same virtual machine, which means the very same files.
This implies, at the very least, the same passwords, the same cryptographic keys used to encrypt traffic or authenticate.
It might be possible for an aggressor owning a copy of the same VA to leverage the knowledge of some "secret" to take over the appliance, decrypt its traffic or perform other attacks: an unchanged root password is all it takes. While tools like VMware Studio are available to address the issue, their usefulness is somehow limited by concerns on pseudo random number generators in virtual machines: if a supposedly "fresh" seed is reused, the security of many algorithms is compromised.

In the end, Virtual Appliances like all virtualization technologies are a huge cost saving opportunity with the potential to improve manageability. However, like many other technologies, their security must be evaluated carefully using new, different approaches to avoid being unaware when a security bug hits.

Labels: Security

In September 2009 VMware announced an OEM agreement with RTO Software to offer its Virtual Profiles product as part of View.
Virtual Profiles is a mandatory piece to manage the so-called persona (the user data and customization of the applications and the system environment) in a virtual desktop infrastructure.

The most interesting part of this deal is that RTO Software has the same agreement with Symantec, which competes in the VDI space with VMware.

Now Brian Madden is reporting that Symantec has suddenly stopped selling Virtual Profiles (called Workspace Profiles in their portfolio) and that every reference to the product disappeared from the corporate website.

Madden suggests that this is a sign that VMware acquired RTO Software. The standard answer he received from the company PR department is that the company doesn’t comment on rumors or speculation.
Of course not.

Labels: Acquisitions, RTO Software, Symantec, VMware

As most virtualization.info readers know by now, Cisco is leading a new trend in computing architectures by pushing for datacenter-in-a-box solutions, where the entire computing stack is designed and integrated to work as a whole.

It is the Apple philosophy applied to the data center. Or a modern interpretation of mainframes, if you prefer.

Oracle, thanks to the acquisition of Sun, announced its plan to do the same. In some ways HP is already going in the same direction, and may release more interesting solutions in the near future now that it has 3Com. 
IBM seems more interested in POWER architecture than in these x86 computing blocks.

What about Dell?

Today PC World published an article revealing that the computer manufacturer will launch a new line of computers, CloudEdge, designed by its Data Center Solutions division, for “cloud computing” infrastructures.

Dell is moving from custom designed hardware to standardized products that plans to sell to a wider audience, from public cloud computing providers to large enterprises.
Dell also plans to bundle these systems with Microsoft and VMware hypervisors, plus the orchestration framework provided by Scalent.

The whole thing is quite surprising considering that Dell already has an OEM agreement with Egenera, the US startup that offers a datacenter-in-a-box product since much earlier than Cisco and others.
Egenera already supports hypervisors, and includes the orchestration layer needed to control the whole computing stack.
Why Dell prefers to develop a new class of machines rather than using something that is already selling and that is tailored for fabric computing?

Labels: Cloud Computing, Dell, Fabric Computing