Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Guest Posts

openQRM 4.0 (Beta), Going Strong

by Leave a Comment

Matt Rechenburg has just announced the beta version of openQRM 4.0.

Not even that long after Qlusters decided to set the project free, the openQRM team has changed directions in a way Qlusters never would have allowed.

openQRM 4.0 is a major rewrite of the openQRM functionality in PHP. The openQRM team has been listening to the community and learned that contributions will be much easier if the tool would be rewritten in a scripting-based language. They decided to keep the platform as simple as possible.

Plugin support now is a lot easier, rather than having to reconfigure and enable plugins from the command line, one can now enable plugins from the webGUI (similar to the Drupal modules)

The old openQRM provided a lot of proprietary libraries and tools that were already available on a typical Linux distribution. From now on, openQRM will use the tools available from the distribution.

The goal of openQRM hasn’t changed , the focus of the project is still on on rapid-, appliance-based deployment, virtualization and storage management.

Still no news from the Qlusters side however, and their site obviously needs an update.

Build Your Own Cloud!

by 2 Comments

Given enough hardware, you can now build your own Amazon Elastic Cloud or similar platform. And all in Open Source.

A group of developers from the Department of Computer Science at the University of California, Santa Barbara has recently released a tool that can make your personal Cloud dreams come true!

EUCALYPTUS – Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems – is an open-source software infrastructure for implementing “cloud computing” on clusters. The current interface to EUCALYPTUS is compatible with Amazon’s EC2 interface, but the infrastructure is designed to support multiple client-side interfaces

Eucalyptus

Eucalyptus has been developed in the MAYHEM Lab within the Computer Science Department at the University of California, Santa Barbara, primarily as a tool for cloud-computing research. It is distributed as open source with a FreeBSD-style license that does not restrict its usage much. Eucalyptus 1.0 targets Linux systems that use Xen (versions 3.*) for virtualization.

Eucalyptus is based on the Rocks cluster management platform. In the future, the EUCALYPTUS team will offer a source release along with other methods of deployment.

Being API compliant with Amazon EC2 means you can reuse the tools you already wrote for Amazon and effectively build your own while not having to change your applications. EUCALYPTUS also opens the door for other organizations with spare CPU cycles to offer Virtual Machines instances at a competitive price.

Eucalyptus 1.0 was just released last month and the ISO iso available for download.

See also the report on Ostatic.

If you’re interested in this topic, you should check out Structure 08, an upcoming conference on cloud computing, infrastructure and virtualization (we’re a media partner for this event).

Who Owns Virtualization Security? The Hoff/Crosby Debate

by 5 Comments

We’ve decided to cross-publish a blog post by Gregory Ness, VP of Marketing for Blue Lane Technologies, because we think it delivers a good insight in the whole Hoff/Crosby debate about virtualization security (virtsec, if you will).

Gregory NessLast year when I blogged about the impact of virtsec on the world of static security I focused on how virtualization could degrade the effectiveness of security solutions. Since then we’ve seen a surge of vendor marketing around virtualization security (virtsec), from a growing corral of one trick pony start-ups with various Barney announcements (“I love you, you love me…”) to the likes of the world’s leading security companies joining VMware’s unprecedented, visionary VMsafe initiative.

Last month I blogged about data center security’s key requirements, which included virtsec. My point was that virtsec will require more intelligence and agility than perimeter network security, because it will need to be deployed within the hypervisor layer and will consume hypervisor resources. Simply moving deep packet regular expression inspection engines into the hypervisor layer could add big hypervisor footprints and/or unacceptable levels of latency. These problems aren’t new; they’ve been hidden by faster and faster dedicated hardware at the network perimeter.

That’s why I found a recent virtsec blog exchange between Hoff and Crosby so disconcerting. Two brilliant guys with two very different perspectives are arguing about the ownership and accountability of virtualization security. Chris Hoff is a security guru with a sizable following who has been among the most vocal on the virtsec challenge. Security blogger Rothman calls Hoff Captain Virtual because he has been on a tear when it comes to the blog debate around virtsec.

Simon Crosby is leading the virtualization charge for Xen/Citrix and he insists that virtualization platform vendors should stay focused on securing their platform versus the new infrastructure they’re enabling. Like Chris, Simon is one very smart guy with a deep technology background in virtualization. And from Simon’s perspective he doesn’t sound unreasonable.

The virtualization security debate thus far has had so many issues swept underneath it by various parties that it resembles a lumpy rug. Simon and Chris are exposing some of the lumps as they humor each other with comments about smoking cigars from the wrong end and the following (from Hoff):

“Focusing only on your little patch of grass is short-sighted and it won’t work. Just like it hasn’t worked in the past. It’s a disaster waiting to happen, and you’re enabling it”. – Hoff

The problem isn’t that these two very smart guys disagree; it’s rather that this disagreement promises to play itself out on a micro-level in enterprises around the world, as I commented last year in “VM Security- The Keys to the Virtualization Kingdom.” And no one stands to win, except those hoping for a slow adoption.

Perhaps Rothman is right to suggest that security will stay tactical and reactionary when it comes to virtsec, because that has been the recent history of netsec on many fronts. Yet if virtsec isn’t done right it could jeopardize the very flexibility and efficiency that virtualization enables. Strategic virtsec is an enabler of growth; tactical virtsec is a rocky road.
Rothman’s scenario seems to anticipate the rocky road: the slow and grinding deployment of hypervisors in production stretched out for years, as tactical decisions and budgets respond to new risks and events driven by cycles of hacks, reactionary regulatory responses and internal operations and security discussions. Feels a lot like the status quo today, doesn’t it? I hope he’s wrong.

The colorful and spirited debate between Hoff and Crosby is very symbolic of the issues we’ve discussed here since my initial virtsec blog in Feb 2007.

Unfortunately I think this debate risks becoming a metaphor for production data center virtualization; it feels to me like two different worlds colliding in a potentially myopic haze of finger-pointing and original sin debates. That scenario will not help Citrix/Xen virtualize production environments, and I think that is why Hoff’s points bear such weight. And I’m not sure that Crosby gets this given his thoughtful and understandable Mother of All Misunderstandings response to Hoff.

I think the mother of all misunderstandings is about to play itself out as “a funny thing happened on the way to the datacenter” scenario. When Caesar crossed the Rubicon he knew his security profile would change, but he still underestimated the Senate. If Citrix doesn’t show leadership (ala VMware and VMsafe, etc.) and instead talks about security as “other people’s problems” its growth in the data center could experience a thousand cuts Caesar style as internal conflicts and strife within customers (between the Hoff’s and Crosby’s) could demonize the incredible and undeniable power of virtualization to enhance data center security.

The virtualization and security vendors can either lead on this issue as an opportunity to enhance security today or merely create awareness around the new risks and dynamics and talk about far-off solutions that may one day work when the market matures. One strategy will lead to the faster deployment of hypervisors in production; the other will fulfill Rothman’s prediction.

Virtualization is a massive opportunity to escape the cycle of attack followed by tactical/regulatory response and establish a new order, with security pros getting powerful, flexible new capabilities to protect systems. That will require leadership and new thinking and a full appreciation by those who don’t want to relive the past. Security may turn out to be strategic to virtualization in ways that it couldn’t be strategic to the network. The hypervisor layer is perhaps the most substantial strategic security opportunity in many years. Let’s hope we leverage it to its fullest.

Xen Summit Boston, Partial Schedule Announced

by Leave a Comment

Stephen Spector has just announced the current agenda for the upcoming Boston Xen Summit.

Ian Pratt and Keir Fraser will kick off the event with an overview of the Xen roadmap.

After that there will be talks about XenLoop, A Transparent Inter-VM Network Loopback Channel and trusted VMs. Tamura Yoshiaki from NTT will be talking about Virtual Machine Synchronization for Fault Tolerance using DomT and other topics are still under review by the Program Committee.

More news when the final schedule is announced .

KVM Forum 2008 Schedule Has Been Announced

by 1 Comment

The schedule for the upcoming KVM 2008 forum in Nappa, CA is up.

Qumranet, as the main KVM sponsor, is inviting all KVM developers to their second KVM summit on June 10 to 13th at the Marriot Napa Valley, California.

Many of the world’s top kernel developers will gather to discuss the state of the union on KVM and virtualization technology in general. More specifically, the group will plan the technology roadmap and future of KVM.

Avi Kivity will be keynoting, and off course Qumranet will also talk about KVM in Solid ICE. Apart from that, there will be a variety of presentations from Red Hat, IBM, Transitive and Intel representatives.

Gerd Hoffmann of Red Hat (SUSE in a previous role) will be talking about mixing Xen and KVM with xenner, which is a utility able to run Xen paravirtualized kernels as guests on Linux hosts, without the Xen hypervisor and using kvm instead.

Different IBM people will be discussing the state of KVM on Big Iron and PowerPC. And there will also be some talk about Open-ovf , an open source software project around the Open Virtual Appliance Format.

Stay tuned for more!

(Full disclosure: Virtualization.com is a media partner of the KVM Forum 2008)

Xen 3.2.1 Released

by Leave a Comment

Keir Fraser has announced the availability of Xen 3.2.1 and 3.1.4, both bugfix releases in the Xen 3.1 and 3.2 series.

The 3.2.1 release contains architectural improvements and new user-visible features including:

  • Xen Security Modules (XSM)
  • ACPI S3 suspend-to-RAM support for the host system
  • Preliminary PCI pass-through support (using appropriate Intel or AMD I/O-virtualization hardware)
  • Preliminary support for a wider range of bootloaders in fully virtualized (HVM)guests, using full emulation of x86 real mode
  • Faster emulation of standard (non-super) VGA modes for HVM guests
  • Configurable timer modes for HVM guests, depending on how the guest OS manages time-keeping
  • Many other changes and enhancements across all supported machine architectures

As usual downloads are available at Xen.org