TPM/TXT Redux

On the third Virtualization Security Podcast of 2011 we were joined by Charlton Barreto of Intel to further discuss the possibility of using TPM/TXT to enhance security within the virtual and cloud environments. We are not there yet, but we discussed in depth the issues with bringing hardware-based integrity and confidentiality up further into the virtualized layers of the cloud. TPM and TXT currently provide the following per-host security:

Licensing VDI for Microsoft Desktops – is it rocket science?

Given all the past ingenuity and accomplishment, why is it that, in 2011, the mere task of assigning valid licenses to desktop virtualisation should appear an arcane process?
How do different virtualization models impact how you license your desktop services? What are the current licensing models and do they apply in all instances of desktop virtualisation? Do the models impact the provisioning of services, be they laptops, thin clients, Bring Your Own Computer (BYOC), or mobile devices?
Is desktop virtualization licensing an intentionally complex process and what other options could there be?

Virtualization and Cloud Conferences for the Year

It is often very hard to plan which virtualization and cloud conferences to attend and why. You may need to start your planning now as justification from work could be hard to come by. It may mean you make the decision to go on your own dime. If you do the latter, there are some alternative mechanisms that could work for the bigger conferences. The conferences and events I attend every year depend on my status with the organization hosting those events, and whether or not I can get a ‘deal’ as a speaker, analyst, or blogger. So what conferences do I find worth attending? That will also depend on your job role. There is one I would attend regardless of role, and a few I would attend as a Virtualization and Cloud Security person. All are good conferences.

VMware sends mixed message with View 4.6

When VMware first announced that it was going to license Teradici’s PCoIP protocol for inclusion in View 4.0, its most visible shortcoming was that VMware did not plan to update the View Security Server at the same time. Setting aside any debate as to the performance characteristics of PCoIP on the WAN, the lack of support for the View Security Server was a significant obstacle to widespread adoption of View in enterprise environments. So the inclusion of direct support for PCoIP tunneling through the View 4.6 Security Server comes as a most welcome update. Also included with View 4.6 are new USB enhancements, as well as support for Windows 7 SP1.

Getting SASy, the other shared storage option

Serial Attached SCSI (SAS) is better known as an interface for connecting hard disk drives (HDD) to servers and storage systems; however, it is also widely used for attaching storage systems to physical as well as virtual servers. An important storage requirement for virtual machine (VM) environments with more than one physical machine (PM) server is shared storage. SAS has become a viable interconnect along with other Storage Area Network (SAN) interfaces including Fibre Channel (FC), Fibre Channel over Ethernet (FCoE) and iSCSI for block access.

Trouble with Memory Page-Sharing

In my last post I was Exploring a Limitation of VMware DRS, and I have encountered another situation that had similar symptoms but the resolution was quite different. This problem was occurring on a VMware ESX 3.5 cluster that was specifically affecting Windows 2008 R2 64-bit virtual machines that were configured with four processors and eight gigabits of RAM. These virtual machines were taking an extreme amount of time to perform a reboot. During the reboot ESXTOP was showing insane %RDY with spikes climbing over 200. When the reboot would finally finish, several services would have failed to start.