Kris Buytaert

VirtualBox 2.0 Hits The Wire

September 4, 2008 by Kris Buytaert Leave a Comment

Sun just announced the availability of Sun xVM Virtual Box 2.0.

The biggest change in xVM VirtualBox 2.0 is the new support for 64-bit versions of operating systems like Windows Vista and Red Hat Enterprise Linux, in addition to all other major host operating systems. VirtualBox also offers a new user interface for the Mac platform, improved networking for the Mac OS X and Solaris OS, as well as improved performance, especially on AMD chips.

Customers who purchase an enterprise subscription will also receive a Right-to-Use License, allowing them to deploy the xVM VirtualBox platform using their own software deployment tools.

The following major new features were added:

* 64 bits guest support (64 bits host only)
* New native Leopard user interface on Mac OS X hosts
* The GUI was converted from Qt3 to Qt4 with many visual improvements
* New-version notifier
* Guest property information interface
* Host Interface Networking on Mac OS X hosts
* New Host Interface Networking on Solaris hosts
* Support for Nested Paging on modern AMD CPUs (major performance gain)
* Framework for collecting performance and resource usage data (metrics)
* Added SATA asynchronous IO (NCQ: Native Command Queuing) when accessing raw disks/partitions (major performance gain)
* Clipboard integration for OS/2 Guests
* Created separate SDK component featuring a new Python programming interface on Linux and Solaris hosts
* Support for VHD disk images

0wning Xen … In More Detail

August 25, 2008 by Kris Buytaert Leave a Comment

Over at her own blog, Joanna Rutkowska from Invisible Things has some updates on their findings about Xen security as we earlier reported.

Joanna argues that most of the attacks presented indeed require that the attacker first gains access to the Dom0 before he can launch the attacks but that doesn’t take away the severeness of the issues.

Other rootkits also require for the attacker to first gain root access before he can hide his toolset from the eyes of the administrator.

She continues to argue that other attacks already provide people with potential access from DomU to Dom0 via a virtual machine escape bug

But even there the attacker first has to gain root in the DomU before he can potentially climb up to Dom0

Still there’s a significant difference in gaining (root) access, and hiding the fact that you got it. But indeed neither of both should be possible

Workspace Service Morphs Into Nimbus 2.0

August 19, 2008 by Kris Buytaert Leave a Comment

Grid is dead, and reinventing itself as Cloud. All kidding aside, the idea of providing a virtual machine instance as a service in the Grid rather than just CPU time with the appropriate environment and libraries to be used by different users isn’t new; it actually makes a lot of sense to provide e.g. a working virtual machine instance for a complex scientific application, which is a lot easier than having to document the correct setup for fellow researchers to implement.

The Workspace Service project part of Globus.org has just announced it’s rebranding and releasing the 2.0 version of what will now be known as Nimbus.

One of the core services of the Virtual Workspace project was orchestrating the deployment of VMs on remote resources as well as the release versioning. Today, Nimbus is a set of tools that together provide a “infrastructure-as-a-service” (IaaS) cloud computing solution targeted specifically towards scientific applications. Many non-scientific use cases are supported as well.

Nimbus allows a client to lease remote resources by deploying virtual machines (VMs) on those resources and configuring them to represent an environment desired by the user.

It was formerly known as the “Virtual Workspace Service” (VWS) but the “workspace service” is technically just one the components in the software collection.

Just as Eucalyptus, it is capable of managing clients that are compatible with the Amazon EC2 service.

Open Source Virtualization management platforms like Nimbus , Eucalyptus, OpenNebula and openQRM are catching on. This probably isn’t the last one we’ll learn about. The question is which one will survive eventually.

IBM launches the open-ovf project

August 14, 2008 by Kris Buytaert Leave a Comment

Scott Moser from IBM’s Systems Technology Group has released the first version of the open-ovf project. OVF is a standard packaging format for virtual machines and software appliances. The open-ovf project is seeking contributors and users to help establish OVF as a transparent and platform-neutral method for packaging virtual machine images.

The goal of open-ovf is to be able to deploy a single OVF package to either Xen or KVM.
Eventually expanding that list to include VMware, Hyper-V, and other platforms. For that goal they are looking at community contributions. A good start might be the qemu-img tool that already knows how to convert between different formats.

The Distributed Management Task Force (DMTF) has defined a vendor-neutral standard for packaging virtual appliances enabling automated installation, configuration and activation of any virtualization platform. The Open Virtual Machine Format (OVF) specification describes an open, secure, portable, efficient and extensible format for packaging

For a summary of OVF and the open source project, see the presentation from the recent Xen summit
The open-ovf project is hosted on sourceforge and the source code is available from it’s git repository

Should VMWare Watch Out For VirtualBox?

August 14, 2008 by Kris Buytaert 1 Comment

Or for a lot more?

IT Wire has a good introductory article about VirtualBox.

Sadly their introduction is a bit wrong in the details, as VirtualBox obviously is not “the only professional virtualisation solution that is freely available as open source software under the GNU General Public License (GPL.) Why this matters is because it’s truly free, as in freedom.”

Amongst others Xen is also fully GPL, and given its backing from both Citrix and most of the major Linux vendors it’s also professionally supported.

Also it also isn’t the only one that can run unmodified guests , both KVM and Xen can do this, given the these days standard VT hardware support. VirtualBox however does not need VT support (and neither did Qemu).

However, it’s still a fairly good introduction and keeping these remarks in mind it’s a good read, and it shows that VMWare should watch its back, and not just for VirtualBox

0wning Xen?

August 11, 2008 by Kris Buytaert 1 Comment

InvisibleThings.org posted some more details on their Xen Owning Trilogy session at last weeks Black Hat conference in Las Vegas.

Joanna Rutkowska and her crew gave a series of 3 talks discussing different potential security issues with Xen. With the VirtSec awareness growing this obviously is an important topic .

When quickly skimming trough the presentations the big question that arise is , how relevant is this all for a day to day production environment. Given the fact that some exploits assume you already root before you can install a stealth backdoor and others rely on specific hardware features that might or might not be available in your setup things might be that critical yet.

All 3 talks can be found on the Invisiblethingslab.com site

Virtualization.com will have a closer look at the discussed issues and we’ll be back with more detail later.