VMware will cut 900 jobs as it rationalizes its product portfolio in the course of the coming year, executives said on the company’s earnings call Monday night.
VMware has added 6700 employees in the last three years, and the overall headcount by the end of fiscal 2013 is still expected to be up by 1000 despite the job cuts, officials said. The company ended 2012 with 13,800 employees.
VMware CEO Pat Gelsinger said at the beginning of the call that VMware would realign itself around three “growth priorities,” the software-defined data center, the hybrid cloud, and end user computing. Product expansion is expected in management, networking, security, storage and high availability.
“When Pat Gelsinger took over as CEO, he made very clear that VMware was going to double down as an infrastructure company,” said Chris Wolf, research VP for Gartner Inc., based in Stamford, Conn.
Details were scant on which products would be targeted for elimination, though officials did mention SlideRocket as a product not central to the company’s business that would be on the chopping block.
Wolf said he expects some cuts to come around the shift to the Pivotal Initiativewith EMC. “The group around Cloud Foundry and vFabric hasn’t gotten the traction VMware would like to see,” he said. “That’s something we will certainly have to watch.”
Ionix management software sold to VMware by EMC in 2010 is no longer part of the company’s core management offerings, Wolf said. This could account for some of the job cuts.
Execs touted the performance in the fourth quarter of the vCloud Suite, which bundles together VMware’s vSphere with its vCloud Director, vCloud Connector, and vCloud Networking and Security products, among others. About 1000 existing vSphere customers took advantage of the offer of a free upgrade to vCloud Suite Standard in the quarter.
Expect more products to be wrapped up in packages like the vCloud Suite going forward, said COO Carl Eschenbach.
“We’re not going to be selling what we’re calling ‘naked vSphere’ into the market,” he said.
VMware executives also scoffed at the idea of Microsoft as a competitor, saying the company’s financials had not been impacted in any way by Microsoft’s Hyper-V.
“Customers we talk to are just starting to kick the tires” on Microsoft’s Hyper-V included in Windows Server 2012, Wolf said. “We don’t expect serious deployments of Hyper-V 3 to pick up until the second half of the year.”
Even if they do, they won’t necessarily replace VMware, but rather augment existing deployments in a tiered hypervisor strategy or in branch-office scenarios, Wolf said.
These details were revealed amid a mixed bag of financial reports from VMware.
While the fourth quarter saw $1.29 billion in revenue, VMware forecast its first quarter 2013 revenue to decline significantly, to between $1.17 billion and $1.19 billion, falling below analyst estimates of $1.25 billion. Shares were down in after-hours trading on this news.
Enterprise license agreements (ELAs) comprised a record 33% of bookings in the fourth quarter, none exceeded $10 million, as the company would normally expect, particularly at the end of the year in the United States.
Officials said that for the full year of 2013, growth would be stronger in the second half than in the first half of the year, and that they expected “some distraction” associated with product realignments and the Pivotal Initiative.
Few details were given about the Pivotal Initiative and its impact on VMware’s business; an EMC / VMware Strategy Forum to detail those plans is scheduled for March 13 in New York City.
VMware has made a $30 million investment in IT automation software maker Puppet Labs, the better to develop new integration between Puppet and its virtualization and cloud management software.
Puppet can already manage VMware’s vSphere virtual machines, as well as its Application Director. The goal of the new investment is to create direct provisioning hooks between Puppet and VMware’s management products this year, which include vCloud Automation Center, vCenter Operations, and vCenter Configuration Manager, according to Puppet Labs CEO Luke Kanies.
“They’re good at managing the VM as a unit, and we’re good at looking at the VM and making sure it’s going to do what it’s supposed to do,” Kanies said.
Puppet, available in open source and Enterprise editions, allows systems administrators to determine how they want their infrastructure to look and then carries out the necessary steps automatically, allowing for fast, repeatable systems provisioning, configuration and management.
This is VMware’s second investment in Puppet Labs in the last 18 months; in November 2011 it joined Google and Cisco in an $8.5 million round of financing for the company.
Puppet does work with other kinds of hypervisors and cloud management systems, including Citrix’s CloudStack, OpenStack, Red Hat Enterprise Virtualization, and Amazon Machine Images. Recently, the company talked with Microsoft as well, Kanies said, but 90% of Puppet’s customers are VMware users.
That said, Kanies dismissed the idea of Puppet becoming a VMware company.
“The fact that we integrated with OpenStack doesn’t mean we’re becoming a cloud company,” he said.
A new online calculator says VMware’s server virtualization software is more expensive than Microsoft’s. The surprising source behind the calculator is VMware.
The new calculator’s results, highlighted by Microsoft in a gloating blog post, show vSphere 5.1 Enterprise Plus as 19% more expensive than Hyper-V 3.0 with System Center 2012 when running 100 virtual machines (VMs) with an iSCSI SAN. Other configurations, such as running 150 VMs on NAS, also show VMware to be more expensive (by 6% in that particular case).
While embarrassing for VMware, this development is just one tiny part of bickering that has been going on for quite a while. And even these favorable calculator results are not good enough for Microsoft. In last week’s blog post, VMware’s rival insisted the findings are still off, particularly when the full vCloud Suite is taken into account.
Has anything really changed?
This summer’s SearchServerVirtualization.com special report on VMware and Hyper-V pricing and licensing found that the actual overall cost for the two platforms depends heavily on the size of the IT shop and the type of workload being virtualized.
It also found that the story doesn’t end there. For one thing, public-facing cost calculators are based on list prices, which enterprises rarely pay, thanks to Microsoft and VMware’s deep discounts.
Some shops may find the cost savings enticing enough to swap out one hypervisor for another, but VMware also remains the incumbent vendor in most enterprise shops, and the costs of switching have many users saying Microsoft’s savings aren’t worth it.
It’s also important to remember that VMware and Hyper-V don’t match feature for feature, especially with several of Windows Server 2012’s Hyper-V advanced features still waiting on System Center Virtual Machine Manager 2012 Service Pack 1 to be put to the test.
VMware has not responded to multiple requests for comment about its online calculator.
Update: VMware published a blog post yesterday called “Flawed Logic Behind Microsoft’s Virtualization and Private Cloud Cost Comparisons” which says that in the more common configuration of 128 GB memory server hardware, VMware vSphere remains on par with or cheaper than Hyper-V, and concludes that the Microsoft blog post pointing out the calculator’s findings “is yet another attempt to artificially inflate VMware’s prices and distract customers from the shortcomings of their own products.”
VMware has issued yet another patch – the fourth in the last week — to correct problems in vSphere 5.1. This time, it’s for vSphere Replication.
The fix in vSphere Replication 18.104.22.168 is twofold, according to a VMware blog post: correcting installation problems, and allowing the software to actually recover virtual machines at a secondary site when the primary machine is down, disconnected from the network or loses access to storage.
The fix for the recovery feature addresses syncing recent changes to a VM over to the secondary site in the event of a failure. When vSphere Replication 5.1 is used as a standalone product, outside of VMware Site Recovery Manager (SRM) deployments, the sync fails, and so the entire recovery fails, according to a VMware Knowledge Base article.
This fix follows patches issued last Monday that finally allowed compatibility between vSphere 5.1 and VMware View 5.1, as well as compatibility between vCenter Converter Standalone and vSphere 5.1, and then another issued last Thursday which addressed widespread issues with single sign on and custom SSL certificates in vCenter Server.
VMware pros say the number of patches required for this release is unusual.
“5.1 was hugely rushed. Quality was non-existent,” said Derek Seaman, a vExpert working for a major telecom, whose blog has been a source for corrections to SSL certificate documentation.
Some partners say the serial nature of these patch releases has only aggravated users’ frustration.
“I realize that these were important patches and updates, but a few days’ delay and simultaneous release would have been viewed in a better light,” said Tim Antonowicz, senior architect at VMware partner Mosaic Technology in Salem, NH. “A coordinated effort, where the patches were bundled into a single release event covering several products, would make much more sense to customers.”
VMware has released a software update to vCenter Server and a new package of documentation meant to address widespread problems with single sign on and SSL certificates uncovered by users of vSphere 5.1.
However, since the patch was released last Thursday, VMware bloggers who have gone over the release notes with a fine-toothed comb have pointed out some ‘gotchas’ and open questions pertaining to the purported fix.
Earlier this month, VMware shops were up in arms over problems with the vSphere 5.1 Single Sign-On feature, which is now a required part of vCenter Server 5.1 installation. Problems included failed vCenter services on startup and an inability to login to vCenter Server.
Various failure scenarios and the login issue are resolved issues in vCenter Server 5.1.0a.
But there are also new issues brought up in the release notes that hadn’t been publicly documented before, according to a blog post by Maish Saidel-Keesing, a virtualization architect for an Israeli technology company.
These issues include added overhead to the installation process – VMware recommends using an independent installer at this point rather than a simple installer, for example, and requires manually created database users rather than an automatically created ones.
“It is good to see that VMware have fixed some problems with the installation process,” wrote Saidel-Keesing. But he’s still left asking, “Was the release rushed out – so that these issues were not addressed beforehand?”
Michael Webster, a VMware Certified Design Expert and director of IT Solutions 2000 Ltd., a VMware consultancy based in Auckland, New Zealand, noted in a blog post that there’s still a ‘gotcha’ with SSL certificates in a certain scenario:
when vCenter system is an all in one configuration with everything on the same VM and using a local [Microsoft] SQL Server database. Update Manager will not be able to log into or register with vCenter when the SSL certificates have been changed. This prevents you from updating the SSL certs for Update Manager and Update Manager may no longer work. This does not appear to occur when the MS SQL Server database is remote.
For that reason, Webster says he is recommending that clients place vCenter Server and the SQL Server database on separate VMs, even in small environments.
In the meantime, Webster is building his own utility for SSL certificate management, called vCert Manager, which will allow completely automated management of SSL certificates in a vSphere environment.
SAN FRANCISCO — If this whole virtualization thing doesn’t work out, several VMworld 2012 attendees will have photography careers to fall back on. People at VMware’s annual conference this week took and shared hundreds of images on the mobile photo-sharing service Instagram, and quite a few came out pretty good.
We scoured Instagram for photos that either used the #vmword hashtag or used the service’s location-based check-ins to say they were at VMworld. Here are nine VMworld Instagrams that stood out:
VMworld seems to get bigger every year, and with each leap in growth comes some overcrowding. Some years, it’s been long lines to get into first-come, first-serve sessions, for example. And perennially, according to attendees, Hands on Labs at the show have issues on the first day.
This year was no exception. There were widespread reports on Twitter Sunday that the wait for Hands on Labs could exceed 3 hours.
“Apparently there is a script that kicked off the provisioning of all the lab VMs. However, even though the script returned a positive status, the VMs were not actually started up.
“Then about 3:45PM the hosting site that had the HOL manuals died. 60 minutes into my lab, after waiting 4.5 hours, it totally fell flat and died. So that was 5.5 wasted hours,” reported one attendee.
The holdups at the Hands on Labs were such an issue that attendees reportedly appealed directly to incoming CEO Pat Gelsinger in a Q&A session Sunday to fix the problem.
Meals for attendees were also a point of contention this year. Granted, accommodating 20,000 people, even at a venue like Moscone, must be difficult. But Monday’s breakfast saw many attendees forced to find a place on the floor to eat due to inadequate seating in Moscone West. Attendee lunches in Yerba Buena Gardens were a nice idea, but again, users found themselves pulling up a spot of pavement on which to have their boxed-lunch picnics.
Maybe next year, attendees will get a few more creature comforts for their admission fee.
Virtualization users look forward to VMware’s annual confab because that’s when solutions to their biggest problems are announced – though not always. This year is no exception.
VMware shops will gain some features that improve existing products while other issues remain unresolved.
VMware’s HA is slated for a facelift next year with a new feature called Virtual Machine Component Protection, according to demonstrations at VMworld.
The idea is to hasten failover by choosing virtual machines (VM) within a host to vMotion according to specific failover conditions. For example, if some VMs within a host are attached to a SAN and others are attached to NAS and the SAN fails, only the VMs attached to the SAN would fail over.
Whither SMP FT?
Meanwhile, technology that was in tech preview at last year’s VMworld, fault tolerance for symmetric multiprocessing systems, still has yet to make it into shipping product –but the company offered another preview here this week.
Fault Tolerance keeps VMs in lockstep with one another through synchronous replication, and should one fail, can cut over without service interruption to users. VMware Inc.’s HA feature, by contrast, involves a brief interruption. Fault Tolerance is therefore more suited for mission-critical applications, but its lack of support for multiprocessing disqualifies it from use with many databases and other Tier 1 workloads.
Given that, it’s obviously an important goal for VMware to support SMP FT in vSphere, but why it remains stalled in preview is a mystery.
VM stall redux?
It appears that VM stall is still happening in enterprise IT shops. An average of 60% of workloads are virtualized — up from 2008’s 25%, but far from VMware’s goal of 90%, according to outgoing VMware CEO Paul Maritz in his keynote.
Possible culprits suggested by attendees: lack of SMP FT as discussed above, stubborn server-huggers, and stubborn storage I/O bottlenecks.
VMware VSA 5.1 update underwhelms
The vSphere Storage Appliance lives.
The appliance, which is designed to make direct-attached storage (DAS) look like a pool of network attached storage (NAS), has gotten a few improvements in version 5.1, released this week. These include the ability to add disks on the fly. Before, whatever configuration users started with couldn’t be changed.
The new version also supports RAID 5, 6 and 10, allowing for less storage overhead in provisioning for high availability.
However, industry sources said users still can’t start with two nodes and scale to three, and there still appears to be no integration between the storage appliance and vSphere Replication.
Surely VMware, with all its talk about the software-defined data center, and owned by the biggest storage company in the world, has more up its sleeve when it comes to software-based storage.
Beth Pariseau, Senior News Writer
Now, some IT shops wonder what they’re supposed to do with the additional licenses they bought to accommodate vRAM requirements for vSphere 5 last year.
VMware stated that vSphere licenses purchased for vRAM capacity can be used to license processors and expand existing vSphere environments.
Unfortunately, customers may also have scaled out servers, which racks up costs in network ports and other software licenses, rather than scale up and consolidate more VMs onto beefier hosts thanks to vRAM.
Though VMware maintains that it doesn’t try to compete with Microsoft on price, competition from Hyper-V was a factor.
“Competition forces you to listen to your customer base,” said Rick Jackson, a VMware spokesperson, during a press conference at VMworld 2012 here this week.
“You don’t compete with Microsoft on price…you compete with Microsoft on value,” he added.
There were also pricing details surrounding vCloud which might have gotten lost in the vRAM ruckus.
First, there are actually three editions of the vCloud Suite that are bundled into packages available as single SKUs:
- Standard, which includes vSphere Enterprise Plus, vCloud Director, vCloud Connector, and vCloud Networking and Security Standard, is priced at $4,995 per CPU, plus support and subscription;
- Advanced, which includes vSphere Enterprise Plus, vCloud Director, vCloud Connector, vCloud Networking and Security Advanced, vCenter Operations Management Suite Advanced costs $7,495 per CPU, plus support and subscription; and
- Enterprise, which includes vSphere Enterprise Plus, vCloud Director, vCloud Connector, vCloud Networking and Security Advanced, vCenter Operations Management Suite Enterprise, vFabric Application Director, and vCenter Site Recovery Manager Enterprise. Itis priced at $11,495 per CPU plus SnS.
VMware vSphere remains available, in all its editions, as a standalone product as well.
The vSphere Storage Appliance is now bundled in with Essentials Plus licenses, and vSphere Replication has been added to all vSphere editions, rather than being packaged solely with VMware’s Site Recovery Manager.
But beyond the immediate, what is VMware’s long-term plan for pricing its wares? Is per-CPU licensing really the way of the future?
It depends. Site Recovery Manager, for example, remains priced per VM when bought standalone, though it is priced per CPU when purchased as part of the Enterprise vCloud Suite.
“When you’re just using SRM as a point solution, per-VM makes more sense,” said Neela Jacques, a VMware vCloud product spokesperson. “But when you’re using multiple products, it makes more sense to buy the suite.”
SAN FRANCISCO — During his final VMworld keynote this morning, outgoing VMware CEO Paul Maritz shared these figures showing how much VMware and its community grew under his four-year tenure from 2008 to 2012:
Intel-based servers virtualized: 25% to 60%
VMware Certified Professionals: 25,000 to 125,000
VMworld attendees: 13,000 to more than 20,000
Once new VMware CEO Pat Gelsinger took the stage, he said more than 90% of servers will be virtualized within the next three years. Maritz received a nice standing ovation from the crowd when he left the stage.
A little more than a year ago, VMware ignited a firestorm by overhauling its vSphere pricing and licensing. Next week, the company will reportedly go back to the old way of doing things, in the hopes that we’ll all forget this whole fiasco even happened.
But it did happen. And it showed a serious lack of foresight on the part of VMware. The vRAM licensing model was supposed to answer the question, “How does VMware align its business model with its vision for the future?” As implemented, it didn’t. But going back to per-CPU licensing won’t answer that question either.
In case you’ve been living under a mainframe for the past 13 months, here’s a very quick rundown of the controversy:
- July 2011: VMware releases vSphere 5 and limits the amount of virtual RAM (vRAM) that can be assigned to virtual machines per license.
- August 2011: In response to customer uproar, VMware increases the vRAM limits.
- August 2012: CRN reports (and SearchServerVirtualization.com confirms) that VMware will abolish its vRAM licensing model.
Why VMware is giving in
The question now is, what’s VMware’s motivation? What changed between July 2011 and now that led the company to make this change? Signs seem to point to a less-than-overwhelming response to vSphere 5 among customers.
“I haven’t seen any hard numbers as to the uptake of vSphere 5, but there have been hints that it has not been as fast as VMware had hoped,” wrote blogger Nate Amsden. “… I have little doubt that VMware was forced into this change because of slow uptake and outright switching to other platforms. They tried to see how much leverage they had at customers and realized they don’t have as much as they thought they had.”
Elizabeth H. Henlin, analyst with Technology Business Research, tweeted that this change was overdue, because vSphere 5 licensing drove market share gains for VMware competitors Microsoft, Citrix Systems and Red Hat over the past year.
And blogger Gabriel Chapman wrote that going back to the old model will help VMware compete better with Microsoft, which challenged VMware on price.
“This also takes away a key leg of the Microsoft Hyper-V 3 marketing playbook,” he said.
Short-term fix, long-term problem
With those comments in mind, it’s easy to see why VMware made this move: to address an immediate problem. In the long term, however, bigger problems await.
VMware championed cloud computing for years, and in a way, the vRAM licensing model marked the culmination of that push. You can say the underlying hardware is irrelevant all you want, but it doesn’t really matter until you put your money where your mouth is — and VMware did just that.
Assuming that VMware does in fact revert to the per-CPU licensing model, however, there’s a disconnect. The company still promotes private cloud and the utility model of computing, but its business model is based on the old way of doing things.
VMware should have better anticipated customers’ angst over new licensing and spent more time evaluating options that met customers’ needs without compromising its corporate strategy. After all, it doesn’t matter how strong a company’s vision is if it can’t figure out how to make money on that vision.
For years, the independent New England VMware User Group has held large quarterly events for the VMware community in Massachusetts, Rhode Island, Maine and New Hampshire. Next month, the global VMware User Group will move in on its turf.
The first Boston VMware User Group meeting is scheduled for Sept. 20. Intentionally or not, the meeting will take place on a boat in Boston Harbor, less than a mile from the site of another famous maritime revolt, the Boston Tea Party. Now we have the Boston vParty.
Before 2010, each local VMUG operated on its own with VMware’s support. In August of that year, nearly all of the local VMUGs came together and formed a worldwide, independent-but-still-closely-aligned-with-VMware VMUG. The New England group remained on its own.
That decision appears to result from dissatisfaction with the global organization’s mission, particularly its VMware-centric approach. (One of its goals is “providing a more effective interface between VMware and our customer base.”)
The New England VMUG’s shift away from this approach has been apparent at recent meetings; this spring in Newport, R.I., for example, a speaker gave a full presentation on Microsoft remote desktop and application delivery technologies.
Less subtly, this summer the New England VMUG formed a new organization, the Virtualization Technology Users Group (VTUG), whose About Us page includes this telling line:
It is the role of VTUG to ensure that the Vendors and VARs provide our end users with quality content and not inundate us with “sales pitches.”
The VTUG also plans to hold a fall event closer to Boston, instead of the New England VMUG’s traditional fall location, Atkinson, N.H.
If the New England VMUG, the nascent VTUG and the new Boston branch are all able to flourish, it will only be good for the local virtualization community. You’ll have a place to go exclusively for VMware information, and you’ll have places to go for broader but equally important topics.
If the New England VMUG suffers, however, it will continue the trend of VMware’s consolidation of power in the market. Consultant and blogger Tom Howarth caused a stir in 2010 when he pointed out that 13 of the top 25 virtualization bloggers worked for either VMware or its parent company, EMC. And at VMworld 2012 in a few weeks, more than 90% of the sessions will have a VMware or EMC employee speaking.
It’s understandable that VMware wants to control the message customers receive, but there are plenty of fiercely loyal consultants and users who can do that job just as well as (if not better than) VMware’s own employees.
VMware and the global VMUG should encourage those voices, not compete against them.
I’ve been Livin’ on a Prayer that VMware would pick a respectable band for the upcoming VMworld 2012 conference. With INXS and Foreigner headlining previous shows, however, it was hard to Keep the Faith. In fact, I’d rather Runaway and not Come Back than sit through another cheesy ‘80s hair band.
Last year, in choosing The Killers, VMware gave me Something to Believe in: The virtualization company could attract musicians who weren’t 25 years past their prime.
[kml_flashembed movie="http://www.youtube.com/v/lDK9QqIzhwk" width="425" height="350" wmode="transparent" /]
If you haven’t booked your hotel room for VMworld 2012, prepared to be gouged. I haven’t seen prices this marked up since I tried buying milk and bread before Hurricane Irene.
After seeing some Twitter users grumbling about hotel rates around the Moscone Convention Center, I decided to investigate (i.e., go to Hotels.com). I restricted my search to hotels that are less than a quarter mile away from the VMworld epicenter. After all, who wants a long trek back to bed after “networking” until last call?
On the high end, there is The St. Regis at $774 a night. The most affordable is The Westin at $381 a night. (Hurry! Only 4 rooms remain!) And there is a smattering of choices in between those prices.
That said, you could stay at The Mosser for $139 a night, but it’s a hostel and you have to share a bathroom. Just be sure to check in early, so you can claim the bottom bunk.
Luckily, many companies use travel agency for better rates. But you should still anticipate a pretty hefty lodging bill, regardless. Where’s Jimmy McMillan when you need him?
A free download is available on Microsoft’s website for those who want to experiment with the new, free version of Hyper-V.
Hyper-V Server is offered as a standalone product by Microsoft apart from the Windows Server OS. As such, Microsoft recommends it for use among “organizations who want to consolidate on a single physical server or have low utilization infrastructure workloads, departmental applications, and branch office workloads.” Other recommended uses include test / development and VDI.
Given the limited scenarios for Hyper-V Server, some Microsoft TechEd attendees at this week’s conference said they’ll hold out for the full-fledged release.
“The only reason I would use [Hyper-V Server] would be for VDI or Linux,” said Nathaniel Avery, senior solutions architect at ActioNet in Washington DC. “But even then, with VDI, it’s a maybe, because then I’d be running multiple versions of Hyper-V in the same environment.”
The freebie hypervisor includes all the features of the Windows Server 2012 Release Candidate Hyper-V, which became available on May 31. The major update in the Release Candidate is greater scalability than was offered in the developer preview made available at the Build conference last year and the beta release out earlier this year.
Resource capacities per host have doubled with the Release Candidate — logical processors supported per host have gone from 160 to 320; physical memory from 2 to 4 TB; and virtual CPUs from 1024 to 2048. Virtual CPUs supported per VM have also doubled from 32 to 64.
Ben Rubenstein, Site Editor, SearchWindowsServer.com, contributed to this report.
VMware and Hyper-V admins can now get a free set of tools from Veeam for backing up, copying and transporting virtual machines.
Veeam Backup Free Edition has no time limit on use, but it is limited in the amount of functions from the full Backup and Replication tool it offers. There’s no scheduler, no incremental backup, no replication, no deduplication, no Instant Recovery (Veeam’s term for its ability to run a virtual machine (VM) from a backup image), and no PowerShell support in the free edition.
What IT pros can do with the free edition is perform full backups of virtual machines; manage host and VM files (replacing a previous free offering called FastSCP); Instant File-Level Recovery (restore files directly from a backup images); and use a new feature called VeeamZIP.
VeeamZIP allows for a one-time ad-hoc backup of virtual machines with compression, so that they can fit on removable media such as a USB drive.
VMware Inc. users will also get a feature called Quick Migration with the free edition, which allows for the live migration of a running VM from a backup image to any host or data store, for users who don’t use clusters, shared storage and / or Storage vMotion. Quick Migration is also available for Hyper-V with the full Backup and Recovery, but not in the free version.
Update 6-8-2012: After this blog was published, Veeam got in touch with the following clarification: “
Veeam isn’t alone in offering a “freemium” model for its VM backup software, with a free subset of features held out to attract users to the pay-to-play goods. Altaro allows Hyper-V users to backup up to two VMs with its free version. PHD Virtual offers a free trial as well as a utility called VMNetBac, which backs up and restores the network configuration of VMs. Arkeia has its Virtual Appliance Free Use Edition, and Trilead its VM Explorer. Finally, VMware offers its own VMware Data Recovery tool bundled with Essentials Plus and Enterprise Plus licenses.
The announcement of Free Edition coincides with the release of Veeam Backup and Replication 6.1, which adds Instant Recovery for Hyper-V, support for SCVMM 2012, and a new GUI.
VMware Forum 2012, a traveling conference for VMware customers and partners, stopped in Boston this week. If you weren’t able to attend, here’s a look at what you missed:
VMware rolled out the red carpet for attendees at the Boston Convention and Exhibition Center, which vaguely resembles an airplane hangar.
Attendees milled around before the general session, which kicked off the event. One keynote speaker, Benjamin Gray, principal analyst at Forrester Research, spoke about how organizations are shifting toward more BYOD- and cloud-based models. And Vittorio Viarengo, vice president of end-user computing at VMware, talked about how VMware is responding to the evolving challenges that are present in today’s data centers. He also showed a demo of View 5.1.
Here’s a look at the partner pavilion, where dozens of vendors and solution providers showed off their products and services. VMware’s booth featured demos of several products, including Horizon Application Manager.
Kaspersky Labs had one of the more engaging booths in the partner pavilion, where attendees could race toy cars around a track. I’m not quite sure what it had to do with antivirus software, but it got people over to the booth.
On a side note, I launched my car off the track on the first turn.
Feeding time at VMware Forum. I quickly learned not to get in the way of an IT guy and his boxed lunch.
My lunch came with a ham and cheese sandwich on a pretzel roll, Cape Cod chips and a chocolate chip cookie. Everything tasted great, except the promotional card for Dr. Dre headphones.
The event ended with a series of breakout sessions, such as this one, “Accelerate your Journey to the Cloud with Storage for VMware.” VSpecialist James Ruddy explained the different ways to architect storage arrays in cloud infrastructure.
When an Anonymous hacker leaked a page of VMware’s source code along with other documents from a compromised Chinese company in early April, he threatened that the leak was “just a preview,” and that more documents were coming on May 5.
Then, the hacker claiming responsibility for the leak reportedly told Kaspersky Labs’ Threatpost blog that among those files, a terabyte in all, there were 300 megabytes (MB) more VMware source code.
Thus, it was widely anticipated by the VMware community (including this blog) that 300 MB of VMware source code would be released on Saturday.
On May 3, VMware rushed out a bunch of critical patches for ESX, ESXi, Workstation and Player, heightening the anticipation.
The big day has now come and gone, however, and there was nary a whisper of VMware’s name on various Twitter accounts associated with the initial leak. If 300 MB more source code did hit the Internet this weekend, it was done with far less public fanfare than the “sneak preview” received.
Users say the lack of leak doesn’t change much about their outlook on the situation.
“These types of hackers are criminals, and criminals aren’t known for keeping their word,” said Bob Plankers, a virtualization architect at a large Midwestern university. “There are a number of security updates now available for nearly every version of vSphere and its predecessors, so at the least it looks like VMware took the issue seriously on all fronts.”
Trying to guess at what happened means trying to figure out the agenda of a hacker, which is nearly impossible to do, said Edward Haletky, CEO of The Virtualization Practice LLC. It might have been that the wide-ranging publicity the initial leak received was all he was looking for.
“It could’ve been truly just about awareness, saying, ‘hey, you know, this code really isn’t private anymore’,” Haletky said. “There could be a million and one reasons.”
The fact that there was no obvious code release on May 5 shouldn’t make much difference to VMware pros, Haletky said. They should still apply VMware’s new patches and keep up with security best practices. “The answer still is to prepare for such things…do the defense in depth, do the research…if it happened once, it could happen again.”
Affected products include ESX and ESXi versions 3.5, 4.0, 4.1 and 5.0, Workstation and Player. A further description of problems associated with the patches and linked from the security update blog describes remote procedure call (RPC), SCSI driver and network file system (NFS) vulnerabilities which could potentially allow an unauthorized user execute code on a virtualized host.
With the post’s repeated use of the word “critical,” and widespread Tweeting of a link to it by VMware officials, it’s clear the patches are important. In fact, such a security update hasn’t been posted on the VMware Security and Compliance Blog since the announcement of a critical update to ESX 3.5 in 2008.
Though the post referred directly to the leak incident, what’s less clear is the exact relation of these newly announced vulnerabilities and the leaked source code file.
VMware framed the security advisory as the accelerated release of patches the company was working on anyway. “In light of the current circumstances, we have accelerated our most recent security patches and applied them to all affected currently supported products,” the post said.
“I think it is an abundance of caution, but in addition, some pro-active concern,” said security expert Edward Haletky, CEO of The Virtualization Practice LLC. While there is historical evidence that it is possible to crash a VM using paravirtualized drivers and backdoor elements in the past, he added, “the execution of code on the host is intrinsically difficult regardless of how an escape is performed.”
These aren’t the first VMware product patches which raise the spectre of rogue code executed on a host – even in the last few weeks. A security advisory was also issued without nearly as much fanfare April 12, in which three critical patches were released for VMware’s vShield Endpoint security product.
VMware’s Knowledge Base article paired with today’s security advisory also specifically credits an individual, Derek Soeder of Ridgeway Internet Security LLC, with identifying some of the vulnerabilities, rather than specifically linking their discovery back to the leaked file. Soeder, meanwhile, was publicly raising security issues with VMware’s software in a blog posted March 30, before the 2004 source code file was leaked.
Regardless of whether the hacker who threatens to leak megabytes more source code on May 5 acts on that threat, or whether these patches are specifically related to the high-profile leak, VMware customers shouldn’t take any chances, experts say.
“For now, all we can do is what we should always do, keep current on our patching levels,” said Christian Mohn, senior infrastructure consultant at EVRY Consulting in Norway.
Meanwhile, “May 5th might just turn into something more interesting than I had thought a week ago,” he said.
Enterprise IT has its eye on VMware’s next move following its confirmation that ESX server source code was leaked by a hacker this week. The leak could pose a security threat to companies with virtual infrastructures based on vSphere.
The code, which dates to 2003 or 2004, was apparently stolen from “a variety of compromised Chinese firms,” according to a Threatpost report. The code was confirmed as genuine by the director of VMware’s Security Response Center in a blog post yesterday. Although only a single file has been released publicly, the hacker claims to have another 300 MB of source code and that the rest will be published May 5.
If the rest of the code is of the same vintage, it may not be much of a threat. In fact, providing a more secure hypervisor was a primary goal of the conversion over the last year from ESX to ESXi, a set of code with a much smaller attack surface. So far, no data has been published which indicates the ESXi hypervisor is involved.
But if the remaining code published May 5 is more current, and contains information that could allow hackers to access hosts from guests, it could potentially pose a security threat to enterprises as well as cloud service providers with infrastructures based on vSphere.
The worst-case scenario is that such a “VM escape” is found, but not published, according to Bob Plankers, virtualization architect with a large Midwestern university.
“There’s a lot of money to be made by hacking enterprises,” he said. “So VMware and their customers would be best served by an attitude akin to a race: who can find all the security holes first?”
The risk is probably not very high right now based on what’s been released, according to security expert Edward Haletky, CEO of The Virtualization Practice LLC. But “believe me, on May 5, I’ll be paying attention to what is released,” he said.
So far, escape-the-VM attacks have proven relatively toothless – none has been able to really do much to cross VM boundaries even when they have penetrated the hypervisor in experimental settings, Haletky said. If areas of the code having to do with the virtual machine manager leak out, it could help such an attack do more damage.
For now, it’s much easier to attack virtual machines through the management layers, and therefore much more common, Haletky said. Enterprises can protect themselves by following security best practices such as separating management networks from storage networks, fault tolerance and vMotion networks; limiting the footprint of VMs; effective network monitoring; and using early warning systems. But it’s something he says most enterprises don’t do.
“I think this may push more people to follow best practices because of the increased awareness,” he said.
IT pros shouldn’t expect this to be an isolated incident, according to Haletky. VMware and its competitors have become high-profile enough that their software is a juicy target for potential attackers.
“Years ago…we said we can’t say there won’t be a major incident involving one of the hypervisor vendors, whether it be VMware, Microsoft or even Citrix or Red Hat, and it’s going to be disastrous,” he said. “Does this raise the risk for VMware? Yes. As a company, absolutely.”