Diebold Virtualizes ATMs To Secure Banking Data

Diebold Virtualizes ATMs To Secure Banking Data – Storage Virtualization – Informationweek.

Hackers–in some cases, company insiders–have put card readers on gas station service pumps and customer checkout machines in supermarkets, storing customer data in an encrypted file that can be downloaded by the hackers. Virtualization combats such attempts by making such a reading device an instantly identifiable interloper, since the endpoint device no longer needs any memory-equipped accessory.

HowTos/KVM

For the impatient, here is our simple script. We’ll explain it afterwards. This is assuming that you’re on a 192.168.1.0/24 network with no DHCP server.

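#!/bin/sh

PATH=$PATH:/usr/sbin:/sbin

# Create the bridge, move eth0 onto it and give the bridge the host's address
sudo brctl addbr br0
sudo ifconfig eth0 0.0.0.0
sudo brctl addif br0 eth0
sudo ifconfig br0 192.168.1.120 netmask 255.255.255.0 up
sudo route add -net 192.168.1.0 netmask 255.255.255.0 br0
sudo route add default gw 192.168.1.1 br0

# Create a tap device owned by user john and attach it to the bridge
sudo tunctl -b -u john
sudo ifconfig tap0 up
sudo brctl addif br0 tap0

export SDL_VIDEO_X11_DGAMOUSE=0

# Accept all inbound traffic arriving on br0 (inserted at the top of the chain)
sudo iptables -I RH-Firewall-1-INPUT -i br0 -j ACCEPT

# Boot the guest image with its NIC connected to tap0
qemu-kvm ~/win2k.img -m 512 -net nic -net tap,ifname=tap0,script=no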

via HowTos/KVM – CentOS Wiki.
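
The script's iptables line accepts every packet that arrives on br0, and since eth0 is enslaved to the bridge and the host address sits on br0, that covers all LAN traffic to the host. As an added example (not part of the CentOS wiki script), this sh function lists rules of that shape from `iptables -S` output or from a setup script; the function name and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report iptables rules that ACCEPT everything arriving on an
# interface with no protocol, address, port or state match alongside.
# Input on stdin: `iptables -S` / iptables-save lines, or script lines that
# call iptables with -A or -I. Output: "<chain> <interface>" per finding.

blanket_accepts() {
    awk '
    {
        # Locate the -A/-I token so "sudo iptables -I ..." lines also parse.
        for (s = 1; s <= NF; s++) if ($s == "-A" || $s == "-I") break
        if (s > NF) next
        chain = $(s + 1); i = s + 2
        # "-I CHAIN 1 ..." may carry a rule number before the matches.
        if ($s == "-I" && $i ~ /^[0-9]+$/) i++
        iface = ""; accept = 0; other = 0
        while (i <= NF) {
            if ($i == "-i" || $i == "--in-interface") { iface = $(i + 1); i += 2 }
            else if ($i == "-j" || $i == "--jump") { accept = ($(i + 1) == "ACCEPT"); i += 2 }
            else { other = 1; break }   # any other token: not a plain interface-wide ACCEPT
        }
        # Loopback is normally accepted wholesale, so it is not reported.
        if (accept && !other && iface != "" && iface != "lo") print chain " " iface
    }'
}

# Constructed sample: the rule from the script above plus typical neighbours.
SAMPLE_RULES='sudo iptables -I RH-Firewall-1-INPUT -i br0 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i br0 -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tap0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE_RULES" | blanket_accepts
```

On a live host, feed it real rules with `iptables -S | blanket_accepts` (run as root); a finding on the bridge means the host firewall no longer filters anything reaching it from the LAN.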

Is VMware’s dominance of the virtualization market under threat?

But VMware has dominated the virtualization market for so many years that the massive shift found in the survey may take longer than expected, if it happens at all. The virtualization layer, primarily composed of VMware software, has so many hooks into security, backup, automation, disaster recovery and various management tools that swapping hypervisors is no simple matter, argues an analyst who read the results of the survey, but was not involved in conducting it.

via Is VMware’s dominance of the virtualization market under threat?.

And here’s the conclusion.

VMware shops are certainly kicking the tires on Hyper-V and deploying it at least in test and development scenarios, and Microsoft is trying to lay the groundwork for both small businesses and enterprises to switch from VMware to Hyper-V. If 38 percent of businesses do change primary hypervisors within the next year, the folks in Redmond are likely to be the major beneficiary.

Xen Guest (DomU) Installation

xm commands

List Domains (Xen Guests)

# xm list

Start a Guest

# xm create [guest-config]

Connect to a guest console (Back: ESC-] (US-keyboard), Ctrl-5 (German keyboard))

# xm console [guest_name]

Shutdown a guest

# xm shutdown [guest_name]

Destroy (Power off) a guest

# xm destroy [guest_name]

Monitor guests

# xm top

virsh commands

# virsh

virsh # help

virsh start [guest_name]

via Xen Guest (DomU) Installation « Thomas Vogt’s IT Blog.

Xen – KVM – Linux – and the Community

KVM is a type-2 hypervisor built into the Linux kernel as a module and will ship with any Linux distribution moving forward as no work is required for the Linux distributions to add KVM. Having a virtualization platform built-in to the Linux kernel will be valuable to many customers looking for virtualization within a Linux based infrastructure; however these customers will lose the flexibility to run a bare-metal hypervisor, configure the hypervisor independent of the host operating system, and provide machine level security as a guest can bring down the operating system on KVM. Xen, on the other hand is a type-1 hypervisor built independent of any operating system and is a complete separate layer from the operating system and hardware and is seen by the community and customers as an Infrastructure Virtualization Platform to build their solutions upon.

via Xen – KVM – Linux – and the Community – blog.xen.org.

Installing and Configuring Fedora Xen Virtualization

There are two common approaches to virtualization – full virtualization and para-virtualization. Full virtualization provides complete abstraction between the hardware and the guest operating system. In this scenario, the guest operating system is provided a complete virtual physical environment in which to run and, as such, is unaware that it is running inside a virtual machine. One advantage of full virtualization is that the operating system does not need to be modified in order to run in a virtualized environment. This means that proprietary operating systems such as Windows can be run on Linux systems.

Disadvantages of full virtualization are that performance is slightly reduced as compared to para-virtualization, and some virtualization platforms, such as Xen, require CPUs with special virtualization support built in (such as Intel-VT and AMD-V).

via Installing and Configuring Fedora Xen Virtualization – Techotopia.

The Perfect Xen 3.0.1 Setup For Debian

This tutorial provides step-by-step instructions on how to install Xen (version 3.0.1) on a Debian Sarge (3.1) system.

Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so called “virtual machines” or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers’ web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it’s more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.

via The Perfect Xen 3.0.1 Setup For Debian | HowtoForge – Linux Howtos and Tutorials.

This howto works for other distros as well.

I’ve gone this far without ever having to compile a kernel … until now.  🙂  Though the howto is a bit dated, I downloaded the latest xen distro here. (xen 4.1.1)

XenServer for XenDesktop – How many network cards do I need?

Now, what about throughput? The host’s networking resources are shared amongst the virtual desktops it supports and users will suffer from poor performance if there’s insufficient bandwidth available. As such, consider routing virtual machine traffic over an SLB bond so that it’s automatically load balanced across two NICs. Virtual machine traffic is load balanced by MAC address and rebalanced every ten seconds. Failover support is provided for all other traffic types, including management and IP-based storage traffic. The load balancing algorithm associates traffic from each virtual interface to one of two NICs in the bond. It’s important to understand that it doesn’t allow a single virtual interface to utilize both NICs in the bond simultaneously.

via Open Source Rack » XenServer for XenDesktop – How many network cards do I need?.

I can see this getting complicated fast. XenDesktop seems to use a lot of network bandwidth. Someone must have done a study on this. Thin clients have been a marquee product for the last couple of decades. Wouldn’t it be nice if our clients didn’t have a hard drive — as if merely eliminating a hard drive would eliminate all IT support for that device.

Todo: Get XenDesktop running and do some tests and estimations.