research

Is Virtualization The Biggest Security Vulnerability In IT Today?

April 9, 2008 by Robin Wauters 2 Comments

The question is asked by Senior Reporter from Forbes Andy Greenberg, who attended the security industry’s big annual confab, the RSA Conference, and wrote up an article aptly titled ‘Virtualization Dark’s Side’. He writes:

“In the past few months, security researchers have revealed bugs in practically every piece of virtualization software, including products from virtualization heavyweights VMware and Microsoft.

Exploiting those bugs, attackers can use what researchers call “virtual machine escape,” or “hyperjacking.” By taking control of the hypervisor, the piece of software that controls all the virtual computers within a machine, an attacker can “escape” from any single virtual computer hosted on the machine and quickly multiply his or her access to a company’s data.”

Virtualization security researchers and experts were quick to point out the weaknesses of virtualization and several techniques to breach the security.

Joanna Rutkowska, the founder of security research firm Invisible Things Lab, reportedly described a new type of virtualization-based malware that could be used to take control of a machine running virtualization software. Because virtualization allows companies to store many virtualized software “images” of computers on a single physical machine, an attack like the one Rutkowska envisions would allow a hacker “not only to control a single machine but to siphon data from any virtual machine it contains”.

Rutkowska also described how an intruder could install what she calls a “blue pill,” a second, malicious hypervisor that controls the original hypervisor and all of the virtual machines beneath it.

Fortunately, she also said that the attacks she discussed are likely too new to have ever been used by real-world cybercriminals, and are unlikely to become common.

What do you think?

Another Study Predicts Huge and Rapid Virtualization Market Growth

April 7, 2008 by Robin Wauters Leave a Comment

Application Delivery Networking provider F5 Networks today released the results of another survey that shows the storage virtualization market is set to grow rapidly. The online study reveals the percentage of U.S. enterprises that use storage virtualization solutions will more than double from 21 % to 47 % in the next few years.

The survey of 324 medium- and large-enterprise IT organizations in the U.S. and Europe was conducted in February and found that a primary driver for enterprise interest in storage virtualization is reduction in operating expense and capital investment. Underscoring their interest in reducing costs, respondents indicated that 20 % of IT labor is spent on storage-related activities such as provisioning, backup, and moving data.

“We continue to see enterprise storage requirements grow at a remarkable rate, particularly for file-based, unstructured data,” said Steve Bishop, CTO at VeriStor Systems. “As a solutions provider specializing in advanced data storage and virtualization architectures, VeriStor is constantly seeking ways to help our customers reduce storage costs, improve resource utilization, and simplify storage administration. Technologies such as F5’s Intelligent File Virtualization are key to enabling those types of solutions.”

Other findings from the survey included:

Respondents stressed the need for storage virtualization solutions to work with a heterogeneous storage infrastructure. Sixty-three percent of U.S. companies rated this as important or very important.
Respondents showed a strong interest in solutions that address file-based storage — with 80 percent of respondents who are planning to deploy storage virtualization confirming this as part of their plan.
Existing storage virtualization users reported high success rates. Eighty-six percent of all U.S. companies reported achieving at least one or more of their original goals.

For additional survey information and results, please download the PDF from the following location: www.f5.com/pdf/news/20080404-state-of-storage-virtualization.pdf.

[Source: press release]

Gartner: Virtualization Wave To Cause Huge Market Disruption And Consolidation Through 2012

April 6, 2008 by Robin Wauters Leave a Comment

Gartner says virtualization will be the highest-impact trend changing infrastructure and operations through 2012.

From the press release (emphasis ours):

“Virtualization will transform how IT is managed, what is bought, how it is deployed, how companies plan and how they are charged. As a result, virtualization is creating a new wave of competition among infrastructure vendors that will result in considerable market disruption and consolidation over the next few years.”

According to Gartner, the leading edge of this change is server virtualization, which promises to unlock much of the underutilized capacity of existing server architectures. Server virtualization is already having an impact on the server market; Gartner believes that virtualization reduced the x86 server market by 4 % in 2006. As hypervisor prices drop sharply and management costs decrease because of increased competition, virtualization will have a significantly larger impact, and Gartner analysts predict that more than 4 million virtual machines will be installed on x86 servers by 2009.

The use of PC virtualization is also set to increase rapidly. The number of virtualized PCs is expected to grow from less than 5 million in 2007 to 660 million by 2011. On the PC, the decoupling technology that breaks the close ties and dependencies between hardware and software occurs at two levels: between hardware and the operating system (machine virtualization) and between the operating system and applications (application virtualization).

Check out Gartner’s special report on virtualization, including a number of useful guides and a podcast with industry analyst Thomas Bittman.

Gartner: Server Market Doing Fine Until Further Notice

February 22, 2008 by Robin Wauters 1 Comment

A new report from Gartner shows the server market did great during all of 2007, including the fourth quarter. Server shipments rose 11 % during the fourth quarter, while revenue rose almost 3 %. The world’s server vendors combined to ship 2.4 million boxes during the fourth quarter and brought in $ 15.5 billion for their efforts. In all of 2007, shipments rose 7 %, while revenue jumped 4 %. For the entire year, vendors moved more than 8.8 million units and generated $ 54.8 billion in revenue, according to Gartner.

The rise of virtualization and the general economic slowdown, combined with trimmed budgets at the financial services companies, has left a lot of analysists proclaiming a big slowdown and even downfall in hardware sales. But so far, the sky seems blue.

Out of the top vendors, Hewlett-Packard enjoyed the strongest fourth quarter in terms of shipments. It grew 12 % year-over-year, while Dell grew at 9 %, IBM grew at 7 % and Sun declined by 6 %. Fujitsu-Siemens also enjoyed a super quarter with 18 % growth.

Vendor	Q4 Shipments	Gain/Loss
1) HP	702,100	12%
2) Dell	499,687	8.8%
3)IBM	372,701	7.4%
4)Sun	84,778	-6.3%
5)Fujitsu/Siemens	75,882	17.9%

Almost all of the vendors saw their revenue rise during the fourth quarter. IBM stood out as the lone laggard, despite it talking an awful lot lately about how strong its server business is.

Vendor	Revenue	Gain/Loss
1) IBM	$5.3bn	-0.8%
2)HP	$4.4bn	7.6%
3)Dell	$1.6bn	4.1%
4)Sun	$1.49bn	1.0%
5)Fujitsu/Siemens	$616k	2.1%

For the full year, HP stood out with 17 % growth in shipments, leading the herd. Sun was the biggest loser, dropping 8.3 %. In revenue, Dell was the main gainer, showing sales growth of 13.2 %. HP notched 9 % growth as well, while the rest of the vendors were in the low single digits.

Everyone moved a ton of x86 boxes and benefited from double-digit growth in terms of shipments. HP, Fujistu-Siemens and Sun had double-digit revenue growth as well, while Dell came in at 4 % and IBM hit 7 % growth.”Blade servers continue to be a high-growth segment with a revenue increase of 44.5 % and a shipment increase of 19.9 % for the year,” Gartner said. “HP was the 2007 leader with blades at a 41.7 % shipment share, with IBM being in second place at 30.9 %. These two vendors continued to dominate this form factor and totaled almost 78 % of the worldwide blade revenue share for 2007.”

[Source and tables: The Register]

Saugatuck Technologies on ‘The Many Faces of Virtualization’

January 24, 2008 by Robin Wauters Leave a Comment

Consulting and research firm Saugatuck Technologies published a report last December dubbed ‘The Many Faces of Virtualization – Understanding a New IT Reality ‘, proclaiming that virtualization will have the single largest effect on IT budgets for hardware and support over the next three years and that by 2010, the 3 main vendors (VMWare, Cisco & Citrix / XenSource) will dominate the IT virtualization industry.

Another important finding of the study is that all facets of IT virtualization will see substantial enhancements in functionality and performance, with the most significant enhancements being in microprocessors, hypervisors and operating systems.

The report notes that the general concept of virtualization is usually equated with the specifics of server virtualization, since server and mainframe virtualization have been used in the IT world for decades. But it’s important to note that virtualization can be applied to all IT resources, including servers, storage, networks, and desktops.

“This study is the first attempt that we’ve seen to use real-world expertise and practicality to classify and explain the types and effects of IT virtualisation, in terms that both user and vendor executives can understand, and can profit from,” said Saugatuck founder and CEO Bill McNee. “This is a solid foundation from which executives can educate themselves, and begin planning more effective management of virtualisation.”