
Gabriel Maciel's Blog

VMware and Microsoft Virtualization - Open Source Technologies - IT Management and Security

104 Posts tagged with the virtualization tag

New VMware Releases

Posted by Gabriel Macie… Mar 18, 2008

VMware Server Version 1.0.5 (free) / http://www.vmware.com/download/server

  • A security vulnerability in OpenSSL 0.9.7j could make it possible to forge an RSA key signature. VMware Server 1.0.5 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability.
  • An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain privileges under which authd is executing.
  • An internal security audit determined that a malicious user could exploit an insecurely created named pipe object to escalate privileges or create a denial-of-service attack.
  • This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities.
  • A vulnerability in VMware Workstation running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in
    sensitive locations.
  • The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability.
  • The config.ini file could be modified by a non-administrator to change the VMX launch path. This created a vulnerability that could be exploited to escalate a user's privileges.

VMware Workstation 6.0.3 / http://www.vmware.com/download/ws

  • On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system.
  • An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain privileges under which authd is executing.
  • This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities.
  • This release updates the OpenSSL library to address various vulnerabilities to denial-of-service attacks and buffer overflows.
  • Workstation 6.0.2 allowed anonymous console access to the guest by means of the VIX API. This release, Workstation 6.0.3, disables this feature. This means that the Eclipse Integrated Virtual Debugger and the Visual Studio Integrated Virtual Debugger will now prompt for user account credentials to access a guest.

VMware Player 2.0.3 (free) / http://www.vmware.com/download/player/

  • On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system.
  • Ubuntu 7.04 virtual machines sometimes power off unexpectedly if paravirtual kernel support is enabled.

VMware ACE 2.0.3 / http://www.vmware.com/download/ace/


Also, you can find VMware Server 2.0 Beta (free) here:


Posted by Gabriel Maciel


VMworld Europe Sessions

Posted by Gabriel Macie… Mar 17, 2008

You can find the Sessions & Labs for VMworld 2007 & VMworld Europe 2008 here:

http://www.vmworld.com/vmworld/sessions_attendees_europe.jspa (attendees only)

Also, for the free Sessions & Labs go to:

http://www.vmworld.com/vmworld/sessions.jspa (you just need to create an account)

Posted by Gabriel Maciel


This is a new section that I am going to try to write every week. It will have the links or articles that caught my attention the most in the last 7 days, so you can have them too. Here we go:

  1. Cheap Hypervisors: A Fine Idea -- If You Can Afford Them via
    VMware: Virtual Reality (the comments are also very interesting)
  2. The Complete Clustering How-To Presentation (VMworld 2007) via Jumé BV
  3. Managing IT Projects via Life as a Healthcare CIO
  4. Windows Server 2008 Step-by-Step Guides
  5. Webcast: Hardening Windows Server 2008 and its guide
Enjoy!

Posted by Gabriel Maciel


The LinkedIn Ottawa Area VMware User Group (VMUG) is a group for professionals who want to exchange ideas and information, share experiences and
make business contacts.

If you live around the National Capital Region of Canada feel free to request your membership, it only requires an updated LinkedIn profile!

Join the group here.


Posted by Gabriel Maciel


I have been using mRemote for two months now and I mainly like it because:

1) It supports rdp, vnc, ssh, telnet, rlogin, raw, http/s and ica, so you can check your web sites, connect to the ESX Server / Unix farm and manage your Microsoft Infrastructure through RDP using only one window


2) It will recognize your PuTTY sessions

3) mRemote can call external applications and tell them what to do with the use of parameters and variables of the currently selected connection

Give it a try and hopefully you will like it too!

Download mRemote at Sourceforge (1)

(1) Be sure to have the .Net Framework installed in advance

Posted by Gabriel Maciel


A week or so ago, Andrew Kutz made public 2 new client plugins for the VMware Infrastructure 3.5 environment. This week, we are glad to see that the list goes up to 7!


  1. SVMotion: This VI plugin allows VMware administrators to invoke storage VMotion (SVMotion) events.
  2. Add Port Groups: This plugin enables the creation of multiple port groups of any type on any number of ESX servers and virtual switches at once.
  3. Rdp: Allows for RDP from VMware Virtual Infrastructure client right click menu.
  4. Console: Adds a SSH enabled tab named 'Console' when a host system is selected.
  5. KeySniffer: KeySniffer is an example of how VI 2.5 client plugins can be abused. This plugin sniffs all key strokes that occur within the VI 2.5 client and outputs them to C:\viclientkeystrokes.txt.
  6. Invoke: Allows third-party applications to be launched from within the VI 2.5 client using an existing, authenticated session cookie.
  7. 37migrations: The 37migrations plugin was developed in conjunction with 37migrations.com. It increments your VMotion count on the 37migrations server every time a migration event occurs.
This is the link to viplugins.com.

Posted by Gabriel Maciel


Here you have some of the links I came across recently and wanted to share in the Blog:

Veeam Backup
A groundbreaking disaster recovery solution for VMware Infrastructure 3 that combines backup and replication in one product.

Virtual Center 2.5 Passthrough Authentication via www.vinternals.com
"At last! VMware have finally added passthrough auth support in VC 2.5, although it is currently classed as experimental. This is something I have been waiting / asking about for quite some time. And even better, it's on by default! To use it, simply add -passthroughAuth -s vchostname to the end of the shortcut used to launch the VI 2.5 client."

Add multiple SCSI controllers to your VM to improve performance via www.yellow-bricks.com
"A couple of months ago at the Dutch VMug meeting Bouke-Jumé gave some good storage tips. This is one of them:
The LSI Bus Logic Controller / Driver has a standard queue depth of 256. Although it isn't possible to set this higher it is possible to add a second controller and when you make sure the SCSI ID of your disk corresponds to the SCSI card you will have another queue of 256. This can lead to improved performance for Database Servers, Files Servers and other I/O intensive VM's."

Dominic Rivera's Esx-AutoPatch.pl now supports ESX 3.5.0
"I've had a number of visitors write in to inquire about esx-autopatch.pl, and when I would update the script to support ESX 3.5.0. To be honest I didn't really plan to update the script since VMware's Update Manager seems to be doing an adequate job of filling that need. But if you need to get the patches installed at build time, or don't have Virtual Center at your disposal I still believe esx-autopatch.pl is the best answer out there."

Posted By Gabriel Maciel


VMware is now offering email patch notifications for all of its products. It seems that the service has been running since last December but the VMTN Blog just mentioned this a couple of weeks ago.

"With this service, you will immediately be sent an email alert as soon as a patch or maintenance release becomes available on the VMware products you've purchased. How does this work? You can initiate this activity by selecting the Receive Patch/Maintenance Alerts link from our Support home page, providing your email address, and then, after verifying that we've got the right contact, you can select the product/s you would like notification on by selecting "Confirm Subscription" from within the email confirmation we will send you."

Posted By Gabriel Maciel


Mike Laverick recently gave a really interesting 42-minute webcast covering the following topics:

1) ESX Partitioning
2) Local VMFS Volumes
3) Pros & Cons of using SAN Storage
4) How big should my LUNs be?
5) How big should my Virtual Disk be?
6) How should you arrange Virtual Disks in VM?
7) What are the storage considerations for VDI?
8) What storage considerations do you have with VMware Virtual Machine Snapshots?
9) Storage Monitoring / Reporting advice
10) How fast will my Virtual Center Data Base grow?

You can watch the event here.

Posted by Gabriel Maciel


Here are some best practices published by the VMware Security Blog for keeping your VMotion traffic secure:

1. The most important VMotion best practice is to isolate your VMotion activity from all production network traffic. The current design of VMotion assumes that the VMotion network is secure within a data center, certainly within a rack or set of adjacent racks. In a typical situation, servers in one or more co-located racks would each have one or two network cards dedicated for VMotion; these would be connected to a switch or VLAN that has no other endpoints connected.
Isolating VMotion takes away that most common of staging points for man-in-the-middle: some unpatched box anywhere on the production network that has already been taken over by malware. Indeed why any non-ESX box, compromised or not, would be on this network at all would be immediately in question. The researcher's assumption is that long-haul VMotion over wide area networks might become popular in the future. However, most companies today already use encrypted links for inter-datacenter traffic.

2. Tightly restrict access to VI administrative accounts and roles. With VMotion isolated, a virtual rogue presence is more plausible than a physical one, but even a compromised guest VM does not have a virtual NIC on the VMotion network, only on the production network. Therefore the rogue VM must be configured in VI to have a vNIC on the VMotion network.

3. Don't enable promiscuous mode on vswitches. Unlike a physical network card, someone who has taken over a guest VM cannot configure a vNIC to be promiscuous. Another VI admin setting, promiscuous mode (off by default) is configured on the virtual switch port separately from a VM. Also, to manipulate rather than snoop, the proof-of-concept technique requires traffic actually route through the rogue VM, which would not occur naturally on the vswitch."
More Best practices for hardening your VMware Infrastructure environment can be found here.

More information about this article here.

Posted By Gabriel Maciel


Forbes Guthrie has released a reference card for the VMware 3 / 3.5 environment. It covers the ESX Install, 3i, Storage, Networking, MSCS Clustering, Resources, Backups, ESX Host, VMs, Web Access, Virtual Center and License Server.

You can find your copy here.

Posted By Gabriel Maciel


There are several tools and utilities that I use every day to administer our VMware environment and that I would like to share with you:

Virtual Center and ESX:

  • PuTTY is a robust and highly configurable free implementation of Telnet and SSH.
  • Veeam FastSCP (Fast & Secure Copy) is my favorite tool for managing files in ESX or Windows. Also, WinSCP is another good utility that has been around for a while.
  • Veeam RootAccess gives you an easy way to enable / disable remote root access or create a regular user account. Combine it with FastSCP and you can easily enable root access, transfer your files and disable root access again.
  • EsxDiag for ESX Server 3.x is a free console script that will check several services and configurations for you. EsxDiag is part of Veeam Configurator.
  • vmCDConnected scans all the Virtual Machines and shows if they have a CD connected to them. After scanning the VMs, you can disconnect the CDs with a simple click.
  • SnapHunter will report to you which virtual machines have snapshots. The tool is very useful if you want to automatically track how much space they are consuming in your virtual environment.
  • esx-autopatch.pl is another rock solid utility that combined with a Web Server (optional) can quickly patch your entire environment.

VMware Server, Workstation & Player


As always, feel free to add your tools to the list!

Posted By Gabriel Maciel


SAN Fundamentals

Posted by Gabriel Macie… Feb 15, 2008

If you are interested in taking a web-based training course that explains the basics of Storage Area Networks, go to this Hewlett Packard site and register / login for free. The course is not bad at all and can be used to refresh your knowledge or learn something new. Enjoy!

Posted By Gabriel Maciel


Welcome!

Posted by Gabriel Macie… Feb 14, 2008

This is a blog focused on IT Infrastructure Management, so you can expect to find here articles about Virtualization, Microsoft & Open Source Technologies, IT Management and Security.

The main objective is to share ideas and experiences through simple posts that can serve as on-line reference and hopefully provoke some thoughts.

Also, feel free to visit http://it-infrastructure-management.blogspot.com/ for more weekly updates!

Posted By Gabriel Maciel
