ESX soon being hacked? Is your ESX(i) Locked up and hidden from any hackers??

This week VMware was in the negative limelight because of hacker Hardcore Charlie (clearly a hacker who watched to much Snoopy in his live). He claims to have stolen VMware ESX source code, not directly from VMware (that would have been really bad) but from the China Electronics Import & Export Corporation (CEIEC).

So far he only released publicly some 300MB of the source code, but he is saying he will release all on may 5th.

If source code of ESX and vSphere is out in the open, this of course can become a serious problem as it would make it much easier for hackers to figure out where the weak spots are. (the image supposedly is proof from mr Hardcore charlie that he has the code).

I wrote a while back an article about how many people have their ESX and vCenter boxes directly attached to the internet… you might want to reconsider implementing a firewall in between 🙂

Read more about the ‘hack’ in information week.

or visit my article about unsafe placement of ESX servers

 

New Client Side Performance Testing for your VDI environment

Yesterday, Login Consultants announced their new Client Side performance testing module for Login VSI. If you are evaluating a VDI solution like VMware PCoIP, Citrix HDX or Oracle VDI based on RDP you might care about the performance of the display protocol, especially if you are not going to do VDI on a local lan but use a WAN or the Internet.

This is not a stand-alone tool, but an optional module for Login VSI Pro 3.6. The beta version will be available at no additional cost for existing users of VSI Pro (which you would expect from a beta product), but it seems like there likely will be an extra charge when the module will go GA.

The main new type of testings that can be done are:

  • Character response – How long does it take to press a key on the keyboard and return it onscreen via protocol?
  • Large text response – How long does it take to show a large block of text onscreen via protocol?
  • Mouse click feedback – How long does it take to register and handle a mouse click within the remoting session?
  • Image quality and loading times – How long does it take to show a complex image onscreen via protocol? This image has been specifically designed to measure quality and speed of different protocols in an independent way.

All testing is done based on client-side screen scraping technologies, so the module is completely protocol independent and can test anything that is out there.

Image Response Testing

Benchmark overview

Image Quality testing

 

More information: VSI Press release

VMware takes big lead on Citrix and Microsoft with VDI

A new, somewhat independent, survey report is released by VIBriefing today. The survey is sponsored by Virsto Software, who makes storage and VDI solutions for VMware vSphere and Microsoft Hyper-V (not yet supporting Citrix, but this is announced that they will).

According to the survey, 65% of respondents use VMware as their hypervisor for their VDI projects, versus 12% using Citrix and 8% using Hyper-V. That seems like a huge lead for VMware, which somewhat surprises me as Citrix originally was/is the leader in the Desktop space.

According to the survey, 46% of VDI projects are stalled due to cost and performance issues. I guess after so many years of VDI software development, no solution on the market offers an easy answer 🙁

Read the full findings on Virsto’s website

 

Google scores 110.000 staff from a spanish bank to use their Cloud Services

If you thought that large organizations are not looking at public cloud solutions, i guess you were wrong. The BBC is reporting today that the Spanish bank BBVA is moving all their 110.000 staff to use google services. The bank does claim to keep all customer data on-premise, but services like email, calendar, docs, chat, video conferencing and other collaboration tools will run on Google’s systems.

The biggest challenge for the bank, besides the worry about extra network traffic, is of course cultural issues. As technology today is ready for this new way of IT.. the people might just not be 🙂

http://www.bbc.co.uk/news/business-16486796

 

Oracle wins Huge prize in Cloud Space, VMware not even mentioned.

Ok, it is not really a huge prize… It is actually the prize for the vendor who is the “worst cloudwashing offender”. Besides Oracle, Microsoft and Salesforce were also rewarded for their “washer” attitudes towards cloud.

As VMware and Citrix are not mentioned, so I guess people do think these companies are serious “cloud contenders”. I am really curious to see the results next year, as the industry is starting to see that “Cloud” is more and more driven from a business perspective then from a technical drive and therefor SaaS and Paas are the most attractive solutions. So while Citrix and VMware today are supposedly the “Cloud” contenders, there main focus (and success) has only been on the IaaS front.

I guess a lot of work to do for Oracle (read: me) to change the mindset and to not prove that Oracle’s virtualization stack is better the VMware’s, but that offering SaaS and Paas will provide more business value and in that space Oracle has a superieur solution 🙂

But at least the first Cloud prize is won for Oracle 🙂 “The biggest overall cloud washer”, yeah 🙂

Read more about the prizes: http://blog.appirio.com/2011/12/envelope-please-announcing-winners-for.html

 

 

 

 

CloudCompare.com is live :-)

Well I am happy to announce that the beginning is made to my new project CloudCompare.com. I wanted to create a place where there is a bit more clarity in all the Cloud offerings, so I started with collecting information for the current vCloud partners.

The system scans every night the vCloud partners to check their status and version, so you know they have real running systems and are not selling vaporware.

I also started adding pricing information into the system and while every vCloud provider has completely different pricing models (which means I have to program a price calculation for every single provider) I can offer now price comparisons amongst various providers.

Go check it out: www.cloudcompare.com

 

vCloud provider listing

According to VMware there are many vCloud providers out there today. 2 in the vCloud Express program (where you can signup with a credit card), some in the vCloud Datacenter program (must be based on vCloud Director and vShield), but most are in the vCloud powered category. The last group is ‘non structured’, and definitely not all are very clear about what they do offer. To help you provide some more details around this, I really want to make a good listing of the various providers, show what version of vCloud API they are on (vCD 1.0 based, vCD 1.5 based, or use there own system that is vCloud API compatible). The API does allow you to query what version is supported, so I automated this in a simple tool that my site will daily run and generate a daily up-to-date list. I will also keep track of when they go offline, so I can start do some reporting on how ‘stable’ they are.

 

While I just started this project, I did already want to share the progress with you. Check out the listing and please let me know if you are missing any vCloud providers. I will be adding more myself as well, and I will increase the amount of information available per provider.

 

Check out the vCloud listing here; http://www.cloudcompare.com

 

VMware View – Getting data out of the Events Database

Well I started work in my new version of vAudit, making more functionality and most important support for View 5. In case you do not know what vAudit is, it is mainly a tool to understand who and when is using your View environment. This can help you see how well the adoption of your VDI systems is going, when not to plan maintenance, etc.

In the old version of vAudit I used WMI to query the event logs of the brokers to see who was logging in and out. Since View 4 the products comes with the option to store all events in an events database (Microsoft SQL or Oracle). So for this new version this is what I want to use. Unfortunately VMware’s View engineers are not easily storing the event data (and this is an understatement!). So it took me a while to even get some basic information out of the system. As my vAudit is not ready for release yet, I thought I would at least share some SQL statements with you, in case you want to start cracking 🙂

Checking daily max concurrent users.
Well this is the easiest (and the only easy thing) to do. As the broker service daily writes an event 5 minutes to midnight in the events database on that days max concurrent user. You can easily get this using a query like this: (MS SQL)

select Count, Time from(select top 30 dbo.view_event_data_historical.IntValue as 'Count', dbo.view_event_historical.Time as 'Time' from dbo.view_event_historical,dbo.view_event_data_historical where dbo.view_event_historical.EventID = dbo.view_event_data_historical.EventID and  dbo.view_event_data_historical.Name = 'UserCount' and dbo.view_event_historical.EventType='BROKER_DAILY_MAX_USERS' order by dbo.view_event_historical.Time DESC) A Order by Time

This might seem like an extensive way of doing this, but it will allow you to control the last so many days to query. Just change the ‘top 30’ to any amount of days.

With this data you can chart a nice daily max concurrent user overview. See my screenshot of the new vAudit release. (I did alter the data in the database to make it look like I have a lot of sessions).

NOTE: also on the name of the tables. When you install view, it asks for a table prefix. In my case I supplied “view” as prefix. So make sure to check your prefix and modify the table names based on that.

 

Session overview

If you want to make more sense of the sessions used by your users, it becomes more of a challenge. Each time a users logins to the broker an events is written. The same for when they session is broken/loggedout. In the event table these events are not easily connected 🙁 so you would have to query for each the event_data table as well to get the broker session ID and match them all up. The super irritating thing is that the time stamp is NOT in the event_data table but just in the events table. This would else have made it into a very easy query. So after a lot of googling, cursing and wishing I wan an SQL expert, here is what I came up with.

drop table #sessions
drop table #logoffs
drop table #users

create table #sessions (SessionID varChar(32), StartSession datetime, EventID int)

insert into #sessions (SessionID, StartSession, EventID) select view_event_data_historical.StrValue, view_event_historical.Time, view_event_data_historical.EventID  from view_event_historical, view_event_data_historical  where view_event_historical.EventID = view_event_data_historical.EventID and view_event_historical.EventType = 'BROKER_USERLOGGEDIN' and view_event_data_historical.Name = 'BrokerSessionId'

create table #users (EventID int, username VarChar(512))

insert into #users (EventID, username) select view_event_data_historical.EventID, view_event_data_historical.StrValue from view_event_data_historical, view_event_historical  where view_event_historical.EventID = view_event_data_historical.EventID and view_event_historical.EventType = 'BROKER_USERLOGGEDIN' and view_event_data_historical.Name = 'UserDisplayName'

create table #logoffs (SessionID varChar(32), EventID int, EndSession datetime)

insert into #logoffs (SessionID, EventID, EndSession)select view_event_data_historical.StrValue, view_event_historical.EventID, view_event_historical.Time from view_event_historical, view_event_data_historical  where view_event_historical.EventID = view_event_data_historical.EventID and view_event_historical.EventType = 'BROKER_USERLOGGEDOUT' and view_event_data_historical.Name = 'BrokerSessionId'  

 select #sessions.SessionID, #sessions.StartSession, #logoffs.EndSession, #users.username from #logoffs, #users, #sessions where #logoffs.SessionID = #sessions.SessionID and #users.EventID = #sessions.EventID

The query uses some temporary tables to help match the session ID’s, get the Start time from one event, the end time of an other event and get the displayname of the user. See the picture of my result.

Next step would be to use this data to make daily charts on when most uses are logged in and out, users stats like average session time, etc. So more to come 🙂

Just to extra clarify what this query does, it check sessions to the Broker! not to the actual VMs. You can do this as well, but even more complicated (as those do not have unique IDs like BrokerSessionID). The the list shows people logging into the broker, but you will NOT know if they started one, two or more virtual machine sessions.

 

If you have any SQL work for View you want to share, please do! If you can optimize my lame-ass sql queries, please do 🙂

 

I will hopefully soon be posting a beta of the next vAudit that does all this and translates it into nice charts.

 

 

 

Are you running a VMware View environment in production?

Hi,

I was planning to update my vAudit program in the coming days. This util allows you to see which people have been using your view environment. I need to make it support View 5, but was wondering if anyone out there is running view 5 in the real world and could tell me what he/she was missing, to see if I could include that in the next release of vAudit.

So any feedback, please drop it in the comments field or send me an email.

Thanks,
Richard

Yeah, in vegas and started VMworldTV again

Today VMworld 2011 opened its doors again and I am in Vegas for VMworldTV to report on what is going on and find all the news scoops. We just finished editing our first videos (many more to come), please check them out on www.youtube.com/vmworldtv