IThastobecool.com

Geeks have opinions too!

Browsing Posts published by Mark Plettenberg

Today I found an interesting article from Gartner. They predict that in 2012, 60 percent of all virtual servers will be less secure than the physical servers they replace. Gartner expects this percentage to drop to 30 percent at the end of 2015.

These are the main risks Gartner identified; for the complete article, check this page.

  • Information Security Isn’t Initially Involved in the Virtualization Projects
  • A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
  • The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
  • Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation
  • Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
  • There Is a Potential Loss of Separation of Duties for Network and Security Controls

 

“Virtualization is not inherently insecure,” said Neil MacDonald, vice president and Gartner fellow. “However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.”

Latest generation virtualization techniques double capacity of terminal servers

With that statement Ruben and Jeroen have just released Phase II of Project Virtual Reality Check (VRC). To create this whitepaper they have done more than 150 tests with Login VSI to measure the performance of servers while being stressed by a large number of simulated users. This whitepaper has a few advantages over whitepapers published by the vendors themselves and over whitepapers published by blogs that only test one hypervisor:

  • The whitepaper is truly independent
  • The whitepaper is approved by the different vendors
  • Everybody can repeat the tests with the freely available Login VSI
  • The authors aren’t biased
  • You can compare the results easily (the servers have been stressed the same way)

One of the most interesting conclusions of Phase II: the performance increase measured is not caused by improvements to the hypervisor but mainly by Intel’s innovations in the Nehalem architecture. VRC states that it can be almost solely credited for the performance improvements seen with TS workloads.

Get your free copy of the whitepaper at www.projectvrc.com


Wohoo!! When we were creating Login VSI we had a few goals in mind; one of them is becoming the de facto standard for benchmarking virtual environments (TS/VDI/bare metal etc.). And I have to say: something is happening in the industry. To begin with we have Project VRC by Ruben and Jeroen, but recently Citrix published some rather interesting whitepapers.

Use free and reputable tools like LoginVSI from Login Consultants to simulate real-world-like user workloads.

VM density results are highly dependent upon workload characteristics. We used a workload called Login VSI, created by an independent company, Login Consultants. Login VSI is well known in the VDI and terminal services community with testing of various terminal services and VDI solutions from multiple vendors in a comprehensive, ongoing test project called Project Virtual Reality Check http://www.virtualrealitycheck.net/.

In IT everybody I meet always has something against AutoIT. This is for an obvious reason: you don’t want to use recorded mouse clicks or sendkeys to install your applications unless there is really (no, really!) no other option left.

In everyday usage I use AutoIT to create most parts of VSI. It’s perfect for emulating the user workloads because it works like a real user, and because I don’t have real programming skills the rest of VSI is also created in AutoIT script.

You would think a large company would do this a little differently; maybe they would create the workloads in AutoIT scripts, but creating the configuration GUIs would be done much more professionally… Well, VMware disagrees :) apparently.


Conclusion: +1 for the AutoIT team and –1 for VMware!

Well, it’s always nice to know when your production environment will break; I wish I knew this for all software running in my environment ;). But it doesn’t look really professional from the vendor side. And this time the vendor is: Citrix!

As of 2010-03-25 (March 25th, 2010), EdgeSight 5.0 and 5.1 (all service packs) will stop functioning.

Customers will receive the following error message for payload uploads:

“Archive load error: The archive ‘/edgesight/app/suser/ZRemoteLib.zpd#12!lsync.htm’ is not appropriately signed.  The system cannot find the file specified.”

General symptoms: Payloads will not be uploaded and many of the EdgeSight components will not work properly resulting in different errors.

 

Congrats to Citrix for reintroducing a bug they already discovered in version 4.5 of their software product!

We all remember the last tool created by Peter Nap: App-V on a stick, but Peter didn’t stop there. Yesterday Login Consultants released a new tool: the App-V Self Support Tool. One of the things that you will find out early on when actual users start working with App-V is that sometimes they manually need to reset, preload and refresh their virtualized applications. As a result, you will need to give users access to the App-V client MMC plug-in.

The problem is, the MMC is typically off-limits for normal users in the enterprise because of security policies on desktops and laptops. And even when users have access, try explaining to non-technical users how to work with the App-V client MMC plug-in. The App-V client configuration is simply way too clunky for normal users.

The great thing about the App-V Self Support tool is that it consists of just 2 files that do not have to be installed: one executable and one XML file for the configuration. This makes enterprise deployment quite easy: just drop the files anywhere on the client and provide the users a shortcut to start the application.

The interface is deliberately simplified, so users can find their way around. There are only a few options: View, Language, Repair, Cache, Start and Refresh. Users do not need anything more, and more importantly, they are not required to ask the helpdesk to support them.

Download the App-V Self Support (App-V SST) tool here.

[Virtualizing the App-V Support tool is not recommended! (No really.. it breaks)]

Yes, it’s true, you can get VSI 2.0 Pro for free. Login Consultants just announced that all bloggers/media can get a free NFR license to play around with. Just send an email to vsi@loginconsultants.com with as many details as possible.

The Sysinternals guys did it again :). This time they have given us the "Poor man’s P2V" solution, and they call it: Disk2VHD.

The idea behind this is pretty cool: they use the Windows Volume Snapshot capability to create consistent point-in-time snapshots of the volumes you want to convert. It will create one VHD for every disk but it will only include the partitions you select. The really cool thing about this: you can run it ONLINE!

There are some (small) limitations: the VHD size limit is 127GB (because Virtual PC doesn’t support bigger VHDs), and do not attach the VHDs on the same system you created them on, because you will get a collision with the signature of the VHD’s source disk.

Of course they put it in their Sysinternals Suite, which can be downloaded from here

Since Henk is the MDT guy on this blog, he got me interested enough to give it a try. For testing purposes I use and break a lot of virtual machines, so using MDT + WDS to recreate them wasn’t such a bad idea. Out of the box you can give your task sequence the option to run Windows Update post-setup, but then it will run every time :(. As you all know, you can add your own applications as optional packages so you can select them pre-installation. This got me thinking: let’s add Windows Update as an optional package and use the framework that’s already available for this.

Howto:

  • Add a new application
  • Standard application
    • Quiet installation command
      • cscript.exe "%SCRIPTROOT%\ZTIWindowsUpdate.wsf"

That’s it :)


Or maybe not ;). It could be they already planned to release a new beta version of ThinApp in November. VMware announced this news at VMworld 2009. The final release is planned for Q1 2010, a little late if you ask me, since there are already some working versions out there: for instance, check Ruben’s video

Next to that I also found a nice howto that shows how to decompile ThinApp and Xenocode packages created by NickOn and a nice little script that executes Thinreg in a decent way with support for recursive folders (here).