SaaS data loss: The problem you didn’t know you had

Maybe you've heard of VMware. You know, EMC's baby, huge IPO, Bloomberg called it the hottest tech stock since Google in 2004, drove a member of our staff mad?

Virtualization has clearly become an industry darling, and VMware controls 55 per cent of that market. This kind of monster success tends to paint a big ol' target on a company — and a volley of the slings and arrows that accompany outrageous fortune are already on the way.

McCana's third degree covers the quasi operating system - or rather kernel - behind VMware's flagship ESX Server package.

A kernel is like the nervous system of an OS. It manages the system's resources (such as memory, the CPU, etc,) that an application needs in order to run. VMware uses two kernels that run directly on the hardware; the vmkernel and vmkmod - a Linux kernel.

Because a computer can only run one kernel at a time, the job of VMware's Linux kernel is pretty basic. It's only purpose is to boot the vmkernel. The only way to load vmkernel is through vmkmod, and vmkernel requires Linux — which essentially means that when ESX Server boots, Linux is its kernel. Herein lies the problem.

From VentureCake:

Proprietary drivers for Linux kernel have an interesting licensing situation. Unlike the license for higher level libraries, which allow those libraries to be used by both Open Source and proprietary software, the license for the Linux kernel specifies that software based on the Linux kernel must be licensed under the same license.

If a kernel relies on Linux, it must be open source. The only way such a kernel wouldn't be considered a derivative of Linux and could remain proprietary is if it didn't require Linux to load. MacCana claims this isn't the case with VMware.

VMware, thus far, has remained silent about the issue. Quite surprising, considering the implications and how much money is now involved.

One example of the issue being raised is a post to the Linux kernel mailing list from Linux SCSI storage maintainer, Christopher Helwig. Here, he responds to a post from VMware's Zachary Amsden in August 2006:

Until you stop violating our copyrights with the VMWare ESX support nothing is going to be supported. So could you please stop abusing the Linux code illegally in your projects so I don't have to sue you, or at least piss off and don't expect us to support you in violating our copyrights. I know this isn't your fault, but please get the VMware/EMC legal department to fix it up first.

The post received no reply from Amsden.

So could the issue presented by MacCana blow up in VMware's face? Analyst for Illuminata, Gordon Haff said he'd be "very surprised" if there was a real issue here.

"It's hardly been a secret that VMware has based the console for ESX server (but not the actual hypervisor/VMM) on Linux," wrote Haff in an email. "To be sure, VMware hasn't exactly gone out of its way to play in the Open Source world, and to thoroughly explain exactly how it uses Linux. But it's no secret and therefore, it's really hard to believe that a company of VMware's visibility could be blatantly violating the GPL, and it would never have occurred to anyone to raise the issue until now."

Haff continues that legal issues aside, it would be at least manifestly unfair for such an issue to be realized at this late date when it's been sitting in more-or-less plain sight for years.

Analyst firm Endpoint Technologies president, Roger Kay says that regardless of its merits, the accusation is a result of VMware's success — and the company will doubtlessly continue to draw all sorts of fire.

At the time of this writing, VMware representatives have not responded to our queries. ®

Steps to Take Before Choosing a Business Continuity Partner