Thursday, September 17. 2009
Searching for Ready to Run Linux VMs?
Tuesday, September 15. 2009
VMinformer - Virtualization Security Assessment Tool
VMinformer is based in London. They primarily design and build applications to complement and integrate with virtual environments. Their main focus is VMware. VMinformer is a Technical Alliance Partner (TAP) with VMware and holds similar partner certifications with other vendors. They have recently developed a tool called VMinformer, which is a security tool for VMware environments. Providing best practice guidance, remediation, monitoring and reporting, it aims to be a tool that enables your virtual infrastructure to be as secure as possible.
Monday, September 14. 2009
VMware Fault Tolerance at your home-lab
You can establish fault tolerance for virtual machines hosted by ESX servers that are part of a VMware HA cluster. When you enable VMware FT for a virtual machine, an identical copy of the virtual machine, called a secondary, is established on another host in the cluster. If the first virtual machine fails, the secondary virtual machine takes the original one's place, and a new secondary is created. This process helps provide uninterrupted virtual machine functionality, even in the event of failures. Before you can enable VMware FT, you must have VMware HA enabled and the CPUs of the servers hosting the virtual machines must support VMware FT.
After publishing an article about the CPU compatibility with VMware Fault Tolerance, my search for a white CPU began. The vLockstep technology used by FT requires the physical processor extensions added to the latest processors from Intel and AMD. In order to run FT, a host must have an FT-capable processor, and both hosts running an FT VM pair must be in the same processor family.
Richard Garsthagen's "CPU-Host-Info" shows all the available options on both the Intel Q9400 and Q9550 marked true. I've used the Intel Q8200 in another white box and it didn't work, so in order to use FT, you need FT and both the VT options. The next step is to run through the Fault Tolerance Checklist.
You can enable VMware Fault Tolerance through the vSphere Client.
Connect vSphere Client to vCenter Server.
Prerequisites
The option to turn on Fault Tolerance is unavailable (grayed out) for a virtual machine to which any of the following conditions apply:
• is not in an HA-enabled cluster
• has one or more snapshots
• is a template
• is disconnected
• resides on a host which is in maintenance or standby mode
• is performing a record/replay operation
Procedure
1. Select the Hosts & Clusters view.
2. Right-click a virtual machine and select Turn Fault Tolerance On.
VMware Fault Tolerance requires eager zeroed thick disks. Virtual machines with thin provisioned or lazy zeroed disks must be powered off while enabling VMware Fault Tolerance in order for vCenter to complete this conversion.
The specified virtual machine is marked as a primary and a secondary is established on another host. Fault Tolerance is now enabled on 4 virtual machines :-)
The VMware Hacking Course will become available in Europe
The title was a little long so we shortened it to Hacking Uncovered:VMware.
Let me give you a little history of why I did this.
First off let me say that VMware is probably one of the most secure environments I have ever worked with, given that it is installed in a secure manner. It is NOT secure out of the box taking the defaults in my opinion. Of course I could post quite a few of my exploits I have uncovered in developing the course on a YouTube video and how to steal credentials from your virtual environment, even the complex password protected vpxuser that connects the Host to the VC by simply rebooting the Host and waiting for it to drop this in your lap. But this is not about providing Hackers ammunition, it is about securing our DataCenters. Now in VMware's defense the right conditions would have to be met, and you would have to have access to the network segment that the VC and Host are on, but it is alarming nonetheless. A sample of an actual intercept is posted below.
xmlns="urn:vpxa3"><_this type="VpxapiVpxaService">vpxa</_this><userName>vpxuser</userName><password>*{color:#ff0000}BkGiD3-b6:F8]d28\lBk=b{2993H[rag*{color}</password><soapPort>443</soapPort><hostIp>172.16.4.40</hostIp></LoginVpxa>
Texiwill and I showed this to VMware at VMworld; since then we have been exchanging emails with the security department so they can recreate and address this. We show you those exploits in the class so that you can more easily protect yourself in your environment.
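An added example, not part of the original post or the course material: a Python check a defender can run over captures or logs they already hold to find LoginVpxa messages carrying a cleartext password, and to redact them before the file is shared. The element names come from the intercept above; the sample data, the documentation IP addresses and the keyed-fingerprint approach are assumptions made for this example.

```python
import hashlib
import hmac
import re
from xml.sax.saxutils import unescape

# Element names come from the LoginVpxa fragment quoted in the post.
FIELDS = ("userName", "password", "soapPort", "hostIp")
MASK = "[REDACTED]"
PASSWORD_RE = re.compile(r"(<password>)(.*?)(</password>)", re.S)


def _field(chunk, name):
    """Return the first <name>...</name> value in chunk, or None."""
    hit = re.search(r"<%s>(.*?)</%s>" % (name, name), chunk, re.S)
    return unescape(hit.group(1)) if hit else None


def find_exposed_logins(text, key):
    """List LoginVpxa messages in text that carry a password element.

    Matching is done on the closing tag, so truncated captures (no opening
    tag, as in the post's sample) are still found. The secret itself is not
    returned, only a keyed HMAC fingerprint for correlating sightings.
    """
    findings, start = [], 0
    for m in re.finditer(re.escape("</LoginVpxa>"), text):
        values = {name: _field(text[start:m.start()], name) for name in FIELDS}
        start = m.end()
        secret = values.pop("password")
        if secret is None:
            continue
        tag = hmac.new(key, secret.encode(), hashlib.sha256).hexdigest()
        values["fingerprint"] = tag[:12]
        findings.append(values)
    return findings


def redact(text):
    """Mask every password element so the capture can be shared safely."""
    return PASSWORD_RE.sub(lambda m: m.group(1) + MASK + m.group(3), text)


# Constructed sample: two messages, the first truncated like the post's.
SAMPLE = (
    'xmlns="urn:vpxa3"><_this type="VpxapiVpxaService">vpxa</_this>'
    "<userName>vpxuser</userName><password>EXAMPLE&amp;placeholder-1</password>"
    "<soapPort>443</soapPort><hostIp>192.0.2.10</hostIp></LoginVpxa>\n"
    '<LoginVpxa xmlns="urn:vpxa3"><userName>vpxuser</userName>'
    "<password>EXAMPLE-placeholder-2</password><hostIp>192.0.2.11</hostIp></LoginVpxa>\n"
)
```

Any finding means the credential has been exposed on that segment and should be treated as compromised; the fingerprint key stays with the response team so the tags cannot be used to test password guesses.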
Saturday, September 12. 2009
Mendel Rosenblum and the Virtual Appliance Management
On September 10th, 2008, Mendel Rosenblum, VMware's chief scientist, resigned, but just before he left the company, there was an interesting patent application filed which is still not issued. It has to do with Virtual Appliance Management.
US Patent Application No. 2008/0215,796
Title : Virtual Appliance Management
Publication Date : Sep 04, 2008
Application Filed : Mar 06, 2008
Abstract Text
Various approaches for virtual appliance management are described. In one approach a virtual appliance repository stores one or more virtual appliances and is coupled to the host computer via a network. A storage device stores a transceiver program capable when executed on said host computer of requesting and receiving the virtual appliances, and generating for each received virtual appliance a respective local copy on the host computer of each received virtual appliance. The local copy is private to the host computer. The transceiver program further binds the virtual appliances to the host computer and obtains user data relevant to the virtual appliances. The transceiver program runs each of the virtual appliances from the respective private local copies on the host computer.
Sounds like Cloud Control......
Thursday, September 10. 2009
VMware Announces New Dates for VMware Partner Exchange 2010!
VMware Partner Exchange is an annual partner conference dedicated to educating and enabling partners for success with VMware. We understand your need for a conference that allows you to make your voice heard and we will deliver! By attending, not only will you get the inside scoop on new partner programs, you will understand the training roadmap, and be the first to hear on VMware's plans for the coming year.
Join VMware on February 8 - 11, 2010 at the Mandalay Bay Convention Center in Las Vegas for VMware Partner Exchange
The hottest virtualization partner conference designed just for VMware Partners. http://www.vmware.com/go/partnerexchange