IThastobecool.com

One of the things that I come across in my everyday job is the fact that the “Workstation” virtualization software that is being used at every customer differs based on personal preference of the engineeers or the fact that a company has made a guideline for this.

With “workstation” virtualization software I mean the software that is being used to build images, test out some software etc. The products that I see that are most used:

• VMware Workstation
• Microsoft Virtual PC 2007
• Microsoft Windows Virtual PC (Windows 7)

So why is that so annoying? It isn’t actually, it’s a minor nuisance.
The only problem I have is that in my daily work I give workshops and labs, for which I use… yes Virtual Machines . The problem is that I have to give the workshop/lab at the customer site, where they use for instance VMware Workstation, for which I and the company I work for don’t have any official licenses, and I’m not going to use a keygen or something like that!

So I have to download the trial of VMware workstation, create my lab VM’’s in that product and copy those to the customer’s environment. So for the same lab/workstation I need at least 2 images, VMware and Virtual PC

Recently I came into contact with VirtualBox (now from Oracle). Which is the perfect man in the middle for me, it’s free, it can work with vmdk, vhd and vdi (VirtualBox’s native disk format). But even better, it can clone the virtual disks to any of those formats as well

So I can build my environment in VirtualBox at home, and at a customer site just clone the .vdi disk to the preferred format and attach it to a new VM in the customer’s preferred Virtualization solution.

Only downside I found is that there’s no native export to function in the VirtualBox Media Manager. It had to be done via a cmdline utility, no problem ofcourse. But being a lazy bastard as I am… I build a script and context menu’s using powershell, so I can right-click on a VDI, VHD or VMDK file and select Export virtual disk and select

I created a Powershell script which has to be placed in the VirtualBox install directory, and then you need to edit the registry to enable the context menu items…. nah just kidding… download the zip contained in this post and extract it somewhere and run the Install.cmd as an adminstrator. Then you’re set to go… provided you already installed VirtualBox ofcouse .

NOTE 1: I only tested this on Powershell V2, but I think it should work with Powershell V1.
NOTE 2: The powershell execution policy should be set to Unrestriced for this to work!
NOTE 3: It’s important that you run the Install.cmd as an administrator as it makes changes to HKLM\Software\Classes
NOTE 4: Be aware that Microsoft Virtual PC only has support for 32-bit guests, so if you have to prepare a lab/workshop for virtual pc make sure you created a 32-bit machine in VirtualBox.

Download the files

Today I found an interesting article from Gartner, they predict that in 2012 60 percent of all virtual servers will be less secure than the physical servers they replace. Gartner expects this percentage to drop to 30% at the end of 2015. 

These are the main risks Gartner identified, for the complete article check this page.

• Information Security Isn’t Initially Involved in the Virtualization Projects
• A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
• The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
• Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation
• Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
• There Is a Potential Loss of Separation of Duties for Network and Security Controls

 

 ”Virtualization is not inherently insecure,” said Neil MacDonald, vice president and Gartner fellow. “However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.”

The Sysinternals guys did it again . This time they have given us the "Poor mans P2V" solution, and they call it: Disk2VHD.

The idea behind this is pretty cool, they use the Windows Volume Snapshot capability, to create consistent point-in-time snapshots of the volumes you want to convert. It will create one VHD for every disk but it will only include the partitions you select. The really cool thing about this: You can run it ONLINE!

There are some (small) limitations the VHD size limit is 127GB (because virtual pc doesn’t support bigger VHD’s), and do not attach the VHD’s on the same system you created them because you will get an collision with the signature of the VHD’s source disk.

Ofcourse they put in in their Sysinternals Suite that can be downloaded from here

The guys at virtualfuture.info have released a new version of their Application Virtualization Comparison Chart. This document compares all of the major products in the application virtualization market.

Symantec	Software Virtualization Solution 6.1 Workspace Streaming 6.1
Microsoft	Application Virtualization 4.5 CU1
Citrix	XenApp 5.0 & Streaming Profiler 1.3.1
InstallFree	Bridge 1.9.2.6
VMware	ThinApp 4.0.3 (Build 3313)
XenoCode	Virtual Application Studio 2009 SP1

In this document not only the performance counts but also the feature lists are compared and put together in an easy to read overview. I have to say: Great job guys!

Want to read this document yourself ? Click here to go to virtualfuture.info

As Mark pointed out in his earlier post: The VMware Thinapp team really needs to wake up… it’s not acceptable (from my point of view) to still not have Windows 7 support for you application virtualization product!!

Mark pointed me to an alternative called Xenocode: This is looks a LOT like Thinapp/Thinstall and works on Windows 7 as well

Virtualizing Applications

To get started, first go to www.xenocode.com and download the Virtual Application Studio.
When you fire up the VAS you get a wizard which provides you with 3 ways of virtualizing your application:

The first option allows users to easily virtualize an application using a template. This template contains all the settings for virtualizing an application. It’s as easy as next next finish . This is really awesome for organizations where you want your application support team to virtualize the application, as they don’t have to know in-depth how application virtualization works .

The second option allows users to virtualize an application the way we know it from VMware Thinapp. It first takes a snapshot of the computer, then prompts the user to install the application /set configuration options etc and then takes another snapshot and does a diff on the snapshots to determine what files and registry settings should be in the virtual application.

The third option allows users to manually specify the files/folders and registry settings that are required for this application to run (really useful when virtualizing your in-house developed applications, seeing as the developers know exactly what file should go where, and you don’t get any clutter from background processes etc.)

After you captured your application, you can easily include common runtimes from the runtimes tab (such as the .NET frameworks, java, flash etc)

The toolbar on the left side of the screen gives us access to the various parts of the virtual application, such as File system, Registry etc.

I’ts also possible to generate a MSI package for the virtual application for easier deployment using SCCM/MDT/GPO/Whatever you use to deploy your software to your users.

For troubleshooting your virtual application Xenocode provides a checkbox to Generate diagnostic-mode executable. Basically what this does is create an executable that will output logging in 3 log files next to the application, so if something is not working in your application, you can easily troubleshoot

If you enabled it in your application settings (on by default) it’s also possible to pass command line switches to your application at startup time.

• /XEnv=Variable Name=Value Specifies additional environment variables.  Multiple /XEnv arguments can be used to add additional environment variables.
• /XLayerPath=Layer Path Adds the given xlayer file into the virtual environment.  Multiple /XLayerPath arguments can be used to add additional virtual layers.
• /XSandboxPath=Sandbox Path Specifies the path to be used for the application sandbox.
• /XShellEx=Command Specifies a shell execute command to be launched from within the virtual application environment.  This option overrides any startup files specified in the virtual application configuration.  Only one /XShellEx argument can be specified.
• /XShellExVerb=Command Verb Specifies the verb to be used in conjunction with the XShellEx command.  The default verb is OPEN.

Middleware

When dealing with middleware, in Thnapp we could specify an applink and with App-V we can use dynamic suiting to allow for interbubble communications. In Xenocode you don’t make an application for your middleware, but make it a component, which you can import in your applications.

 

Deploying Virtual Applications

Deployment of the virtual applications is done through a tool called XReg. This allow the administrator to control how the application is published to the user.

 

This can be done from a startup/logon script. This area needs some more work in my perspective, there’s not a nice and nifty GUI management interface as with App-V.

Also the possibility to create MSI’s makes deployment a bit easier, just use your favorite deployment method for your virtual applications.

Pricing

Not the most fun part for us techies, but important for the ones who have to make the decisions about investments, and what application virtualization technology will be used.

The Xenocode Virtual Application Studio ISV Edition costs $1599

End-User licenses: $40 per seat.

 

Well that’s about it . As a final conclusion i think Xenocode is a real nice application virtualization product, it works easily and out of the box, users don’t have to know a lot about Windows and application when you just give them the right application templates . As with VMware Thinapp, the problem is how to distribute the applications to your clients, and how do you make sure that all users have the latest version of the virtualized application… well that’s something the Xenocode team needs to think about I guess.

Today a negative post from my side, VMware what are you doing, is everyone of the Thinapp team on a permanent vacation ? Why is there still no Windows 7 Support ? And even more important: Where is the official statement telling us when it will be available.

 

 What is the alternative: XenoCode perhaps!

When comparing features XenoCode is very alike with Thinapp (Only they have win7 support ). When it comes to being userfriendly during the capture off applications XenoCode is far ahead, they have include a standard set of templates for common applications.

A smart thing to create from the XenoCode team is the converter this is the Ability to import external application configurations, including VMware ThinApp configurations: Customers who have already packaged applications using other technologies, including VMware ThinApp/Thinstall, can now import these configurations into Studio with a single click, without the need for any recapture.

Want to try XenoCode quick and simple just try some applications online! you can just run them like a youtube video after installing a little plugin: click here to test.

 While i was writing this post Henk got all exited about XenoCode and wanted to give it a try so he’s gonna write the follow up

That’s right… not the Clone Wars (c’mon i’m a computer guy, ofcourse I love Star Wars) but the Virtualization Wars.

Citrix CTO Simon Crosby challenges VMware CTO Stephen Herrod for a stand-off.
It all started with a blogpost of the VMware performance team: http://blogs.vmware.com/performance/2009/01/virtualizing-xenapp-on-xenserver-50-and-esx-35-1.html
In this publication the VMware performance team claimed that ESX outperformed XenServer when running a virtualized XenApp server. That’s quite the opposite of what most of us in the field are noticing… and more importantly, it’s quite the opposite of the publication of Project Virtual Reality Check, an independent research and a joint venture of Login Consultants and PQR. During Project VRC the virtual workloads were generated using the Login VSI methodology, which Mark and I created together with Jeroen van de Kamp and dr. Bernhard Tritsch. VSI uses AutoIT scripts to simulate load in a user session…. hmm exactly the same that VMware did… only their testing methodology is poorly explained and not detailed at all. Quite the opposite with the VRC whitepapers, which contain a detailed description of the used methodology! 1-0 for VRC.

Allright, that’s of course only my unbiased view on this situation, seeing as I was one of the team members of project VRC and one of the authors of the Login VSI tool.

Citrix CTO Simon Crosby responded with the following on the VMware publication:

As a former academic, I’d give this mumbo jumbo an F grade. Bad science, bad scientists, uneven playing field

Read and delight yourself with the furious reaction of Simon Crosby:  http://community.citrix.com/blogs/citrite/simoncr/2009/02/02/VMware+Wins!+(Bad+Science+Required)

Do you wonder about virtualization? Are you seeking for the best virtualization platform for your specific environment? Project VRC shows you the way!

Project Virtual Reality Check (VRC) is a joint venture of Log•in Consultants and PQR, who have researched the optimal configuration for the different available hypervisors (hardware virtualization layers). The project arises from the growing demand for a founded advice on how to virtualise Terminal Server and Virtual Desktop (VDI) workloads. Through a number of researches, Log•in Consultants and PQR show you the scaling possibilities for Terminal Server environments as well as Virtual Desktops.

See www.virtualrealitycheck.net for more details!