VMware's ESX Server 4.0 lost in the clouds?

Client hypervisor pokes its head through the fog

Virtualization juggernaut VMware kicks off the VMworld Europe trade show in Cannes today, and the opening salvo of the company's own announcements is rather muted because ESX Server 4.0 (or whatever the future hypervisor will ultimately be called) is not being launched. At least not on the first day of the event, as far as we know.

Ahead of the VMworld event, VMware gave the IT trade press a sneak peek at what it is up to, and ESX Server 4.0 and its related stack of revved virtualization tools, called Virtual Infrastructure, were not what VMware talked about. The company did say that it was working on a so-called type 1 or bare-metal hypervisor for desktop and laptop PCs, and also previewed some Virtual Data Center-Operating System (VDC-OS) cloud computing gadgetry and a clustering feature for its management tools to amuse the attendees at the Palais des Festivals.

VMware's Client Virtualization Platform, as the hypervisor for PCs will be known, is different from VMware Workstation, the PC product that put VMware on the map in 1999 and that has been hardened as a product called ACE for secure desktops.

VMware Workstation and ACE are both examples of what is called a type 2 hypervisor, which means the hypervisor runs atop a whole operating system, in this case Windows or Linux, and then allows multiple virtual machines to run atop the hypervisor, which in turn then support other operating systems. The underlying operating system is still a single point of failure and the security of the whole software stack can only be as strong as that underlying operating system. And this, among other factors, has limited the appeal of virtualization on desktops.

VMware's initial server virtualization hypervisor, called GSX Server, announced in 2001, was also a type 2 hypervisor, but ESX Server is a type 1, bare metal hypervisor that runs directly on a piece of iron and only has a Linux kernel that allows the hypervisor (and the system management interface in the ESX Server rather than the ESXi embedded variant) to be initially loaded. ESX Server therefore provides better security and isolation for virtual machines, and also runs more efficiently.

Moreover, the approach to desktop virtualization currently sold by VMware as a product set called View, which is an example of what is called virtual desktop infrastructure, or VDI, has its limits. Like you need a network connection to do anything - no network, no PC. VMware View stores virtual PC images on a server back in the data center running ESX Server and runs them there, streaming video and audio down to thin clients and PCs at the end of a network connection. A bare metal hypervisor running on the PC will allow software to be streamed down to one or more virtual machines - perhaps one for work and one for play - and then run applications even if there is no network connection.

These bare-metal benefits are such that VMware's rival, Citrix Systems, has already partnered with Intel to deliver one for Intel's vPro business desktops and laptops, which use Centrino and Core 2 processors and have other electronics to make them useful, including stuff for virtualization. Bogomil Balkansky, vice president of product marketing at VMware, says that the delivery schedule for VMware CVP is not being announced now, but says it will come out in 2009.

The future ESX and CVP hypervisors are very likely tweaked versions of the same code. As 2008 was drawing to a close, Balkansky gave El Reg a peek at the future ESX Server 4.0 and related software coming out this year. ESX Server 3.5 has a feature for allowing a virtual machine to span multiple processor cores in a box, and this VirtualSMP feature allows a VM to currently span four cores and address 64 GB of main memory. With the future ESX Server - which I think will be called vServer based on the name of the management tool, Virtual Center, already being changed to vCenter last fall - VirtualSMP will be boosted to span eight cores and up to 256 GB of memory. This future server hypervisor will also sport a feature called VM Direct Path, which is an I/O passthrough that will allow a virtual machine to be tied directly to a physical piece of hardware, such as a disk controller or a network interface card. Or, in the case of a PC, a local graphics card.

Balkansky says that Intel and VMware are jointly engineering the CVP hypervisor and will collaborate on go-to-market efforts, including getting PC makers to ship CVP with selected PCs in their product lines. The same tools that manage VMware View will be used to manage images streamed down to PCs with their own VMs, so there is no new tooling from the VMware side to start using the CVP hypervisor. VMware View started shipping in December 2008.

On the server front, VMware will be announcing a new high availability clustering feature for its vCenter 2.5 management console called vCenter Heartbeat. With this feature, which is based on clustering technology that VMware OEMed from Neverfail, two copies of the vCenter console are mirrored and kept in lockstep, so if one fails the other one just keeps going. If vCenter crashes, it doesn't wipe out the VMs, but it does make it impossible to change or monitor them, and considering that vCenter runs on Windows, a crash can happen. (Balkansky says that vCenter is being ported to Linux, but won't say when this will be done.) Up until now, some customers ran vCenter inside a VM, which didn't provide high availability, but did allow for it to be restarted in 2 minutes or less if it did crash. vCenter Heartbeat will be available in March and costs $9,995 per server instance (meaning you have to buy two); vCenter without the heartbeat clustering costs $4,995 per server.

On the cloud front, VMware is going to be talking up its VDC-OS strategy and the fact that its vCloud initiative to get cloud computing providers to use its virtualization technologies to build clouds now has over 400 service providers signed up. The company will also debut a vCloud API, which defines the handshaking necessary for management tools to be able to reach into a cloud and allocate or deallocate virtual machines or, perhaps, to move workloads from a private cloud to a public one. This vCloud API is in "private release" right now to selected VMware partners, and it will be pushed as a standard through the Distributed Management Task Force.

Another cloudy announcement from VMware today is something called vShield, which is a feature that will be coming out concurrently with the future ESX Server that virtualizes and abstracts the physical zoning in corporate networks. Now, instead of defining DMZs in the network, you can define a set of VMware VMs as a virtual DMZ, all with their own beefed up security settings, and when these VMs move around the physical network of switches and servers, their virtualized security settings follow them. This vShield feature comes to VMware's software stack through its acquisition last year of Blue Lane Technologies, which sold intrusion detection and prevention systems for both virtual and physical servers. ®
