You are currently browsing the monthly archive for February, 2008.
As described in the VMware announcement:
[A] new security technology called VMware VMsafe™ that protects applications running in virtual machines in ways previously not possible in physical environments. The VMsafe APIs allow vendors to develop advanced security products that combat the latest generation of malware. VMsafe technology integrates into the VMware hypervisor and provides the transparency to prevent threats and attacks such as viruses, trojans and keyloggers from ever reaching a virtual machine. Twenty security vendors have embraced VMsafe technology and are building products that will further enhance the security of virtual machines, making the virtual environment unmatched in the level of security and protection it provides compared to physical systems.
“VMware already has the most trusted virtualization platform for running applications, and we are now raising the bar on security in ways that physical systems simply cannot match,” said Raghu Raghuram, vice president of datacenter products and solutions. “The industry has come out in full force to support VMware VMsafe technology with plans for a whole new class of security products that offer customers new advantages to running applications in virtual machines.”
So it looks like VMsafe will be a method that security vendors can use in order to ensure that operations in the virtual world will remain just as protected as our meatspace servers.
In Diane Greene’s keynote today, you’ll note that almost all of the typical security players have signed up to be part of this platform - I’m guessing it could be quite lucrative, with TCOs everywhere looking for bigger, better tinfoil hats.
VMware has recently updated the VMware Thinstall page and is now offering a download of what they call “Project North Star” - a Thinstall product.
Also note that there is a thinstalled version of Firefox available for download from the same page.
Though Diane Greene didn’t speak a whole lot about Thinstall at VMworld today, it’s good to see VMware at least touch on it a bit as the appvirt vendors are keen to find out what sort of developments are to come.
From the official Riverbed RiOS 5.0 announcement:
“[]announced the launch of version 5.0 of the Riverbed Optimization System (RiOS(TM)), which powers the award-winning Riverbed(R) Steelhead(R) product line. RiOS 5.0 extends the Riverbed lead in delivering to its customers the best speed for the broad range of applications important to businesses of every size and across all industries. With the introduction of RiOS 5.0, Riverbed is the first vendor to provide application-level protocol optimization for Microsoft Exchange 2007. This makes Riverbed the first and the only vendor to accelerate Microsoft Exchange 2000, 2003 and 2007. In addition, Riverbed is building upon its lead in delivering solutions to enhance IT flexibility and capabilities with new scale, simplicity and security features, including the new RiOS Services Platform (RSP) for delivering virtualized edge services without the need to deploy additional branch office servers.
More Application-Level Acceleration
In RiOS 5.0, Riverbed adds to its existing HTTP and HTTPS acceleration capabilities by further improving the performance of enterprise Web applications, including SAP NetWeaver, Oracle, PeopleSoft/JD Edwards, Microsoft and Siebel CRM, SharePoint, and Outlook Web Access (OWA). In RiOS 5.0, Riverbed can further reduce the chattiness and delay often associated with enterprise Web-based applications. Users of RiOS 5.0 will see additional performance improvements of up to 10X for their Web applications.
RiOS 5.0 also delivers acceleration capabilities for Oracle 11i applications running in HTTP mode. This acceleration builds on the existing RiOS support for Oracle 11i Jinitiator socket mode optimization and targets the Oracle E-Business suite of applications, particularly Oracle forms traffic and reporting, as well as other application operations. Riverbed is the only vendor that provides application-level optimization for Oracle 11i.”
More purchases and conglomeration on the way this year.
The buzz at VMworld Europe, before it has even started, is that Novell is to purchase Canadian data center management software company Platespin. Novell has now posted the news on their site, and many are scrambling to figure out where this will lead them as the software is very popular in the VM market. (UPDATE: Platespin have posted their announcement regarding the Novell acquisition as well)
Novell is starting to grow again: it now owns SuSE Linux, Ximian (original makers of Gnome), and just recently purchased open collaboration vendor SiteScape.
If you’d like more info about the acquisition, feel free to register for the Novell-Platespin webinar.
From the Platespin announcement:
On February 25, 2008, Novell announced that it has entered into a definitive agreement to acquire PlateSpin Ltd. The combination of Novell’s platform and automation management with PlateSpin’s leading solutions for workload relocation, protection and provisioning will give customers the agility to cross physical and virtual boundaries so IT can work together. Both organizations are focused on helping customers maximize the strategic value of the heterogeneous data center. Novell and PlateSpin will deliver products for complete workload lifecycle management and optimization for Linux, UNIX, and Windows operating systems in the physical and virtual data center. Below you will find details about the acquisition and what it means to current and future PlateSpin customers and partners.
From the Novell announcement:
The acquisition of PlateSpin will allow Novell to offer customers a full solution stack with a powerful virtualization platform and a best-in-class heterogeneous management solution. Together, Novell and PlateSpin will solve many of the data center challenges that customers face today, including:
- Relocation: PlateSpin provides a completely integrated product suite that automates the assessment and migration phases of data center initiatives, like server consolidation, data center relocation and hardware upgrades, to help customers reduce costs, power consumption and space in the data center.
- Protection: PlateSpin’s disaster recovery solutions offer affordable workload protection that leverages virtualization technology to protect both physical and virtual servers in the data center, for improved security and business continuity.
- Provisioning: Using PlateSpin’s technologies, customers will have a single approach to imaging and configuring physical and virtual workloads regardless of platform. This eliminates the manual install process and dramatically reduces the time to provision new server workloads. It will also enable customers to address changing resource requirements at peak demand times as well as in test lab scenarios.
- Optimization and Management: Novell and PlateSpin optimize the balance between physical and virtual infrastructure by automatically monitoring and making infrastructure adjustments based on server availability and workload demand. By automating the process and increasing the visibility into how workloads use physical and virtual resources over time, customers will be able to increase server utilization and optimize their data centers by better addressing common workload movement challenges.
Oops!
Luckily I had a feeling that host shared folders was a bad idea…
From VMware:
“On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations.”
The fix? For now they recommend disabling shared folders as there are no patches for any of the products affected: VMware Workstation, VMware Player, and VMware ACE.
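One way to find the virtual machines that still have a host-to-guest shared folder switched on, so the interim recommendation above can be applied to each of them (an added example, not VMware's or this blog's code). It assumes the usual .vmx key names sharedFolderN.present, sharedFolderN.enabled, sharedFolderN.hostPath, sharedFolderN.guestName and isolation.tools.hgfs.disable, none of which appear in the advisory text quoted here; the sample configuration is constructed.

```python
import re
from pathlib import Path

# key = "value" lines as found in a .vmx file (key names are assumptions, see lead-in)
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')
_SHARE_KEY = re.compile(r'^sharedfolder(\d+)\.(\w+)$')


def parse_vmx(text):
    """Return the settings of a .vmx file as a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment or interpreter line
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def enabled_shares(settings):
    """List (index, guest name, host path) for every share the guest can reach."""
    # isolation.tools.hgfs.disable = "TRUE" turns the feature off for the whole VM.
    if settings.get("isolation.tools.hgfs.disable", "").upper() == "TRUE":
        return []
    shares = {}
    for key, value in settings.items():
        m = _SHARE_KEY.match(key)
        if m:
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = value
    found = []
    for index in sorted(shares):
        s = shares[index]
        if s.get("present", "").upper() == "TRUE" and s.get("enabled", "").upper() == "TRUE":
            found.append((index, s.get("guestname", ""), s.get("hostpath", "")))
    return found


def audit_tree(root):
    """Map each .vmx file under root to its enabled shares (files with none are omitted)."""
    report = {}
    for vmx in Path(root).rglob("*.vmx"):
        shares = enabled_shares(parse_vmx(vmx.read_text(errors="replace")))
        if shares:
            report[str(vmx)] = shares
    return report


# Constructed sample configuration, not taken from a real machine.
SAMPLE_VMX = r'''
displayName = "lab-xp"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "C:\lab\share"
sharedFolder0.guestName = "share"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\iso"
sharedFolder1.guestName = "iso"
'''

if __name__ == "__main__":
    for index, guest, host in enabled_shares(parse_vmx(SAMPLE_VMX)):
        print(f"sharedFolder{index}: guest name '{guest}' maps to host path {host}")
```

Point audit_tree at the directory that holds your virtual machines; every path it returns is a VM whose shared folder should be disabled until a patch is available.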
From TechTarget:
EMC Corp. has acquired a startup still in stealth called Pi Corp. in an all-cash transaction for an undisclosed amount.
Pi Corp. founder and CEO Paul Maritz will join EMC as president and general manager of EMC’s newly created Cloud Infrastructure and Services Division, reporting directly to EMC CEO Joe Tucci. The new division will also include the EMC Fortress SaaS infrastructure, the Mozy online backup service and “other upcoming EMC cloud infrastructure systems and software offerings under development.”
This is interesting to me as I see it as the “new next big thing”.
Currently the only people really loud in this space are Google and Amazon.
I highly doubt we will see much come out of either party until Q2 2008 at the very soonest (Mozy update), but expect a product by year-end.
This list is subjective, and you’ve been warned!
All of these virtual appliances have been tested with ESX server, and may have issues elsewhere.
For appliances that needed it, I used VMware Converter, the version that ships with Virtual Infrastructure 3.5 (VI3.5).
Please note that both ESX 3.5 and Virtual Center 2.5 are available as trials from VMware currently, and I would highly recommend trying them out as it really is night and day compared to VMware Workstation, Server and Player.
That said, for the most part you’ll be fine working with VMware Server 2.0 - it’s free and has a special version of VMware Infrastructure Client to boot.
The list:
- Astaro Security Gateway - This is a must in any build for me. I use this to bridge between my LAN/WAN and the virtual networks that I create. There is a 10-device, 1000 connection “home user” license available from My Astaro that should be more than sufficient to get you up and running with a clean, secure virtual network.
- Ubuntu 7.10 JeOS Mini-image - this image weighs in at only 70MB or so, expands to roughly 200MB, has apt-get installed, and is a perfect candidate for building virtual appliances with. VMware tools is installed, so you don’t need to worry about things like date and time sync.
- OpenBSD 4.2 - The OpenBSD image is great for getting started in the OpenBSD world: learning the shell, commands, networking, and in my case, firewalling. The version I use comes from Chrysaor.info, but feel free to use your own.
- OpenSuSE 10.3 - I can’t live without this virtual appliance - I use it for just about everything, and it is the first appliance installed in any environment. Note that it is a bit bloated, containing USB, sound and other components typically not needed in a virtual environment. On the other hand, since it’s tried and tested on my end, it’s a lifer.
- Trac - I use Trac as a wiki and VM staging log. I consider all VMs, hosts and Virtual Center as software projects, and monitor changes closely. If ever I need to pull up quick info about a virtual machine, host, network, router or firewall, it’s all in Trac.
- Wordpress - I use my Wordpress virtual machine to stage different versions of blandname, to test updates, upgrades, and plugins. This also allows me to change themes, move Adsense blocks around, and generally to play without fear of losing revenue or breaking something.
Lots of moving and shaking so far in 2008, and here’s yet another “love-in” announcement, this time from Fortinet (lesser known security vendor currently partnered with HP on the ProCurve line) and Riverbed, who we’re all getting to know as the darling of Wall Street, the WAN acceleration vendor that sells solutions that can even put Cisco to shame (my opinion, not my employer’s of course).
From the press release:
“San Francisco – February 19, 2008 – Riverbed Technology, Inc. (Nasdaq: RVBD), the technology and market leader in wide-area data services (WDS), and Fortinet, a pioneer and leading provider of unified threat management (UTM) solutions, today announced an alliance that enables the two companies to deliver complementary best-of-breed security and application acceleration solutions to enterprise customers for managing their distributed workforces.
Through Fortinet’s Elite-level membership in the Riverbed Technology Alliance (RTA), Fortinet, Riverbed®, and their channel partners can immediately provide security and WDS solutions for remote offices, data centers, and mobile workers that are functionally superior to those of competing alternatives.
“Together, Riverbed and Fortinet address the need that enterprises have to secure their data; accelerate the performance of applications running on wide area networks (WANs); and reduce IT infrastructure complexity and costs,” said Mark Williams, principal architect for enterprise infrastructure at Mercury Insurance. “Implementation of two market-leading technologies such as WDS solutions from Riverbed and Fortinet’s ASIC-accelerated integrated security appliances should meet this need while instilling confidence in enterprise companies of all scales.”
This partnership takes advantage of the complementary capabilities of the companies’ two product lines and the ability to cross-sell to their broad global customer bases. Riverbed and Fortinet combined have nearly 30,000 customers, spanning enterprise vertical markets and service providers, and approximately 2,000 distributors and resellers who can benefit from the comprehensive solutions that this partnership will produce.
From Microsoft:
“We know that many of you are anxious to get your hands on the Windows Vista Service Pack 1 RTM bits. And to that end, we have some good news. We are pleased to announce that–while broad RTW availability is still scheduled for March–the SP1 Update RTM bits are available now to TechNet subscribers. If you are a subscriber, please visit TechNet Plus Subscriptions and sign in to access Top Subscriber Downloads. If you have a prior version of the SP1 beta installed, you must uninstall it prior to installing the final version. Check out Things to know before you download Windows Vista SP1 for more information, and for updated details on all aspects of Windows Vista SP1, stop by the Windows Vista TechCenter.”
Riverbed has just announced an important update to its Interceptor software.
One of the nicest features is the added RAID alarm command, as well as a fix for unexpected reboots when fragmented packets are taken in by the Riverbed device.
Based on the latter alone, I’d be updating ASAP.
Oh, and also of note: “20042 Fixed a security problem where an attacker can cause scripts to be inserted into logs and executed when the logs are viewed through the web interface.”
Hmmm….
To download, navigate to the Riverbed Interceptor Support site, and login.
Changes from version 1.1.1 of the Riverbed Interceptor software to 1.1.2:
Fixed between 1.1.1 and 1.1.2:
- 14009 Fixed watchdog timeouts and deadlocks under heavy disk use.
- 15467 Fixed previous page and next page links on logging page so that logging filters are retained.
- 16184 Patched MIT KRB5 for security advisory 2007-002.
- 17938 Fixed problem where Interceptor does not come out of bypass after heavy traffic that caused going into bypass is stopped.
- 18054 Updated libpng for security advisories CVE-2006-5793, CVE-2007-2445, CVE-2007-5269.
- 18287 RBT-Proto port label no longer includes port 135.
- 18382 Enhance system diagnostics to provide additional RAID information for drive failures.
- 19093 Fixed problem where appliance was unable to communicate if link went down and then came back up after a multiple of 39 days of uptime.
- 19145 Added “raid alarm silence” command.
- 19288 Updated tzdata to 2007g for New Zealand changes to daylight time.
- 19632 Updated Apache web server to 2.0.61 to fix security problems CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304.
- 20029 Fixed handling of RST packets when there is a NAT entry setup, a case of fixed target rules or probe caching.
Lately I’ve been scouring the web for used gear because there seems to be an influx of incredibly powerful stuff at amazing prices.
This all came about with me wanting to learn ESX 3.5, and needing the hardware as well as the network to run a feasible set up, with DRS, HA and Storage Vmotion. And I did it - on the cheap.
The first thing that you should know about ESX 3.5 is that it now works with many non/budget-RAID SATA chipsets, though not supported. Two that are readily available are Intel’s ICH5 and Silicon Image’s Sil SATA line. This typically depends on the BIOS you are using, but in regards to the ICH5, you’ll want to disable IDE compatibility mode, and as for Sil - you’ll sometimes want to turn on the RAID (though some Sil single channel cards also work, i.e. the Vantec SATA 1-port).
The second is that drive space is inexpensive. A 500GB SATAII Western Digital drive will only set you back about $100 CAD/USD. Two of these give you redundancy! Combine the cheap drives with software like FreeNAS or OpenFiler, and you have yourself a 1TB iSCSI NAS for a fraction of the cost/MB of larger solutions. Just don’t pretend it’s foolproof… With any proper iSCSI, you’ll want some nice and spiffy ethernet cards, and in my case I used the tried-and-true Intel Pro 100 successor, the Pro 1000. You can find the Pro1000 GT for roughly $40, and a PCIe version of similar capabilities for about the same amount. The PCI version is compatible with VMware ESX 3.5, OpenFiler, FreeNAS, and Windows Server 2008. I hear the same goes for the PCIe version, and I will be able to let you know shortly.
Since we’re on the topic of networking, you’re going to either want two gigabit (gbit) switches, or a nice gbit switch with more ports and VLAN ability. I lucked out, and got a used 3Com SuperStack III (3C17706) for next to nothing. I’ve seen plenty of somewhat lesser-known (but just as nice) gigabit HP Procurve, Extreme Networks, and even Dell gear at plain stupid prices on ebay and Craigslist. Seriously. I’m talking $50 for a 24 port 10/100/1000 switch! The trick on ebay is to not bid at all on stuff until it is about to end… then just pick it up. Well I guess everyone has figured that out by now, but it still works. Don’t draw attention to it by watching it like a hawk - just set up instant messaging reminders, and swoop in. As for Craigslist, I have RSS feeds for things I am interested in: 1U, 2U, 3U, 4U, 6U, rack, rackmount, etc. I check these on a regular basis, and make sure to email right away. Craigslist people are friendly, but will typically sell to the person who a) emails first, b) offers to pick it up the soonest, and c) doesn’t give them a hard time.
Now we’re into routing, mostly because I want to talk about it. This setup does not require any routing at all, but it’s a bit better to have a protected connection to the internet. My personal opinion here is to avoid Cisco at all costs, as recently the re-licensing has made buying one used a lot more expensive than in the past. That said, I do, in fact, own a Cisco router - what can I say! It’s like the gold standard. Of course my opinions are my own, and not those of my employer. For a cheaper routing solution, look to used Juniper, SonicWALL, and even open source stuff like Astaro (which also happens to run in VM…) Personally, I run a home licensed Astaro ten user virtual machine, a Juniper 5GT wireless, and barely use the Cisco 2611. That’s just me. If you’re having a hard time finding the Astaro licensing, just let me know, but rest assured it does exist, and is perhaps the EASIEST way to turn on VPN so you can have access to your virtual lab anywhere.
Alright, now we’re at the meat and potatoes - CPU and memory, the power behind all of this. Now, if power isn’t really a big deal, but you want to learn the cool features like the aforementioned DRS, HA and Storage Vmotion, the main thing you will want is memory. I’ve found that buying enthusiast RAM on Craigslist is VERY easy. Pick a brand like Crucial, OCZ or Kingston HyperX, and you’re bound to have masses of kids who all read the same articles, and are all selling the same RAM used, pretty much at the same time. Watch the trends, and you can easily build 4 boxes running over 3GB of RAM each, for cheap. Dirt cheap.
If you’re going the consolidation route, your best bet (used) is an Opteron solution. While you can find Opteron 185 and 175 chips on ebay, I find that they are asking a fortune for them because they are socket 939, and are considered top of the line for the specific platform. If you opt for the 165 dual core version, you can use cheap enthusiast RAM with great timings, and get a pretty good processor at the same time. It also means that you can get a motherboard to support both pretty much anywhere at bargain basement cost, and one that will typically have a Sil SATA chipset, or you can add one later.
In the case of the multi-box scenario - I’m using 4 Intel P4 3.0GHz HyperThreading processors. Not powerhouses by any means, but when it comes to storage, you can get Intel P4 motherboards that have ICH5 chipsets very easily because they were so prolific at the time - just make sure to watch those temps.
I think that kinda sums it up, as far as a used, cheap, VMware ESX 3.5 lab goes.
If you have any questions, feel free to shout them out.