[lug] So much for VMware
Nate Duehr
nate at natetech.com
Sat Dec 2 01:43:50 MST 2006

Michael J. Hammel wrote:
> Back to the original subject: VM makes sense with modern hardware
> because most desktop hardware provides far more computing power than
> most spreadsheets can use. Virtualize that hardware and you can share a
> single desktop system with a workgroup using thin clients. It's better
> use of resources. Not in all cases, mind you. But it does make sense
> for many situations. I know it makes sense in software development
> environments if you need to test cross-platform support. I only need
> one desktop, but I can run many operating systems side by side. Beats
> having to try and run Windows remotely to build and test a Java app.

I get using virtualization, I do it here on a number of machines, but
the real original subject was the recent exploits of hardware-secured
virtualization.

The hype surrounding the usefulness of virtualization for public servers
got enough out of hand that the hardware engineers built in a way to
completely isolate the virtualized machine from the hardware -- thus,
supposedly providing "security" between virtual machines. It also has
been reported that in theory (I don't keep up with the security lists
enough, but I hadn't seen anything about a real in-the-wild exploit that
took advantage of this yet) it could be used to provide a convenient
place for a "bad guy" to hide on such a nice fast machine.

My contention, and my comments about virtualization hype being taken too
far... were pointed squarely at the chipsets that make it "virtually
impossible" (heh... no pun intended, but that's a good one) for the
owner of the machine to even see that someone else is using it. That's
taking it too far.

Virtualized mainframes (since someone went there...) and most forms of
virtualization prior to these chipsets always had a way for the Grand
Poohbah administrator to see who was running what inside their virtual
environments.

This latest round of hardware virtualization techniques on PC-class
hardware seems to have gotten the whole idea totally wrong... driven by
customer desires for "security" between virtual machines.

That's all I was a' sayin'...

Nate