
Virtualization

 
 
Lawrence D'Oliveiro
 
      10-12-2006
Been reading some older Inquirer articles on Intel's and AMD's respective
virtualization technologies (start by following links from here
<http://theinquirer.net/default.aspx?article=35011>).

The last of the series on Intel's Vanderpool
<http://www.theinquirer.net/default.aspx?article=21451> tries to explain
some of the things you might use it for. E.g.

> The user side of the world may have some changes, but they are far out.
> The first class of things revolves around corporate user and machine
> management. If your VMM is part of your management package, you can
> load, unload, and tweak things right under the nose of the user.
>
> If they are using resources in a non-approved way, you can throttle them
> down, load or unload things on their HD, and even potentially patch
> programs on the fly. If they manage to muck the OS up to a degree that
> is all too common in modern corporate life, you simply blow the OS
> instance away and load up another snapshot.
>
> As a management tool, it can be everything a BOFH dreams of.
> Unintrusive unless you want it to be, undetectable, and impenetrable by
> clueless users. Spyware? Viruses? No problem, they can go away with the
> click of a mouse on a management console half a continent away.

This assumes that you give users admin access on their desktop OS, but not
of course on their desktop hypervisor, otherwise that puts you right back
where you started. But what's to stop users demanding such access? It seems
to me simpler to deny them admin access in the first place.

Then:

> Further out in the nebulous timeline of IT progress comes the more
> interesting uses of virtualization. Instead of having your OS be
> completely virtualized, imagine a partially virtualized OS. Every
> program can be run in its own virtual machine, and messages passed back
> and forth in shared memory. It would be like hardware enforced threads,
> you spawn a new VM and run the program in it.

But isn't this how properly-designed protected OSes work in the first place?
(Yes, there are definite uses for virtualization in server/hosting type
application scenarios, but all the extracts I'm quoting here are referring
to deployments on the desktop.)

But then things become clearer:

> Other than the stability issue, haywire programs can not get out of the
> VM and step on critical processes. This is a huge security benefit. The
> best is was one that will probably be a moot point by the time it
> happens. Three years ago, MS promised us in two years or so that they
> would have security under complete control, it is after all a Bill Gates
> proclamation.
>
> In the off chance that MS is not 100% secure by this time a year ago,
> VMs can help. One of the ideas tossed out by the Intel engineers was
> running IE in a VM. When you are done browsing, you shut down the VM,
> and all the malware and crud that comes along with running that browser
> goes off into the ether with nary a poof.
>
> If you set things up right so that the browser has specific information
> pulled from it before it shuts down rather than it writing all over the
> OS, it would be very hard for a virus to spread. When you run IE next
> time, it loads up a clean image, and has information like bookmarks and
> cookies pushed to it. While it is not an uncorruptible paradigm, it will
> certainly be much harder to circumvent controls that VT could put into
> place. Luckily, this will be a moot point by then, MS promised.

Really, it seems like this virtualization thing originates from _giving up_
on the idea that Microsoft, specifically, is capable of designing a
securely-written OS running securely-written applications. And instead,
trying to patch up the problems with Windows by adding another layer below
it.

But then, who is going to provide this layer for Windows? If Microsoft is
involved, how can you ensure they won't stuff it up again?
 
 
 
 
 
thingy
 
      10-12-2006
VMware's ACE.

Or Xen....

There are so many uses for this.....give a contractor like a remote data
inputter an ACE'd CD (with a specifically crafted Windows ISO inside it)
to take home with a 3 month "mission impossible" fuse.....at 90 days it
expires.....if the contract is extended, send them another ACE'd CD-R....

You could even give them specific expensive applications with that 90
day fuse, say AutoCAD or CS Photoshop, safe in the knowledge that it
cannot be altered and can only be used for remote working....for 90 days....

Lawrence D'Oliveiro wrote:

8><----

> Further out in the nebulous timeline of IT progress comes the more
> interesting uses of virtualization. Instead of having your OS be
> completely virtualized, imagine a partially virtualized OS. Every
> program can be run in its own virtual machine, and messages passed back
> and forth in shared memory. It would be like hardware enforced threads,
> you spawn a new VM and run the program in it.


Or have it virtualised and have all the instances talk over a virtual
network then you can snoop on the "hub"....

> But isn't this how properly-designed protected OSes work in the first place?
> (Yes, there are definite uses for virtualization in server/hosting type
> application scenarios, but all the extracts I'm quoting here are referring
> to deployments on the desktop.)


Other useful ideas....have a distributed number crunching system (like
Condor) run on its own instance on each desktop in an organisation at a
low priority while the user gets a high priority...user won't notice and
cannot get to that data being crunched.....lots of free computing
cycles, securely....cheaply

> But then things become clearer:
>
> Other than the stability issue, haywire programs can not get out of the
> VM and step on critical processes. This is a huge security benefit. The
> best is was one that will probably be a moot point by the time it
> happens. Three years ago, MS promised us in two years or so that they
> would have security under complete control, it is after all a Bill Gates
> proclamation.
>
> In the off chance that MS is not 100% secure by this time a year ago,
> VMs can help. One of the ideas tossed out by the Intel engineers was
> running IE in a VM.


Yep, this will happen...an appliance....a dedicated OS only running a
web browser....read only.....locked away in ram when it is used......

> When you are done browsing, you shut down the VM,
> and all the malware and crud that comes along with running that browser
> goes off into the ether with nary a poof.
>
> If you set things up right so that the browser has specific information
> pulled from it before it shuts down rather than it writing all over the
> OS, it would be very hard for a virus to spread. When you run IE next
> time, it loads up a clean image, and has information like bookmarks and
> cookies pushed to it. While it is not an uncorruptible paradigm, it will
> certainly be much harder to circumvent controls that VT could put into
> place. Luckily, this will be a moot point by then, MS promised.
>
> Really, it seems like this virtualization thing originates from _giving up_
> on the idea that Microsoft, specifically, is capable of designing a
> securely-written OS running securely-written applications. And instead,
> trying to patch up the problems with Windows by adding another layer below
> it.
>
> But then, who is going to provide this layer for Windows? If Microsoft is
> involved, how can you ensure they won't stuff it up again?


Yep, right on.....increasing server utilization means running more than
one application on one piece of hardware, with standard Linux it is
easier or easy to do this compared to Windows. With Windows
significantly harder or impossible...........DLL hell and all that....

So far from the faster and better hardware making Windows' huge ungainly
kludge work better, it is actually starting to show it up for what it is....

regards

Thing






 