There is this misconception that an SMB wants everything for Free or nearly Free. This is simply not the case. SMBs are willing to pay for products, it is just they want a great return on their investment. It is not be about “bells and whistles”, but it is about getting more bang for their buck as they have fewer bucks to put towards new products.
Most SMBs also want supported products, either direct from the vendor or through the consultant or consultancy which they hired to do the work. An average SMB will want everything to work while they are in the office and will utilize after hours time for any major upgrades, machine fixes, etc. Therefore, an SMB really needs VMware HA capability, but not necessarily VMware FT, VMotion, DRS, or Storage VMotion.
There have been a recent set of VMware Communities questions that have got me thinking about the prospect of virtualizing high performance computing (vHPC) and whether or not this is even practical, reasonable, and would give any gains to HPC. I think there are some gains to be made but with everything there are some concerns as well. This is of interest to me as at one time I was deep into High Performance Technical Computing and marrying Virtualization to HPC/HPTC would be a very interesting option.
The biggest question I ask myself when I see VMsafe appliances is: will it replace my current virtual firewall setup? Replace my Anti-virus? or Both? I am seeing a trend that gives me pause. That is a VMsafe appliance being more than one thing. For example, Trend Micro is an Anti-Virus company that bought Third Brigade (a firewall company) and are now in the mix of merging the two technologies into one. What has happened to one tool that does one thing and does that one thing very well?
There has been quite a bit of debate about SMB virtualization and what vendors think they need. However, no one has really looked into whether or not the SMB market can afford virtualization. There is quite a bit of noise that states that the SMB wants everything for free, or that they will receive immediate benefits from virtualization, but can they actually afford it?
Since I blogged ThinApp – Licensing Issues – Ethics do not ship with the code I have been thinking about the security aspects of VMware ThinApp and similar virtualization technologies such as Microsoft App-V.
I came up with a set of questions to which I searched for some answers:
- ThinApp creates a self contained application within its Bubble. Is it possible for this Bubble to contain a Virus, RootKit, or Worm that could then infect the system on which it runs?
- ThinApp contains a set of libraries that could be less secure than those on the operating system on which the ThinApp Bubble is running. Can the system libraries override those within the Bubble?
- ThinApp contains a mechanism to update the ThinApp Bubble called AppSync, what is the security surrounding AppSync? Could an attacker include a attack payload within such a download?
In essence could ThinApp be used to subvert existing system security?
There are two methods in which VMware VMsafe that can be used: those are fastpath and slowpath. Fastpath entails using just a driver to interact with the VMsafe API and hence the vmkernel. Slowpath is the use of a fastpath driver AND a virtual appliance to do the heavy lifting.
The use of VMware VMsafe enabled third party products introduces third party fastpath drivers into your hypervisor. What these drivers ultimately do is interact with the VMsafe fastpath API, but is that ALL they do? That is why we need some level of certification for VMsafe fast path drivers. We need to KNOW that they do not do anything wrong, bad, or unfortunate.