Microsoft announced a solution to the limits of VLANs in the cloud using a new feature that was co-developed for Windows Server 2012 Hyper-V and Windows Azure. This new feature was called Hyper-V Network Virtualization (HNV). This is based on a more general concept called Software Defined Networking (SDN).
via Introduction to Hyper-V Network Virtualization (HNV).
SDN and HNV abstract IP address spaces. This is done using two types of address:
Consumer Address (CA): This is the IP address that the tenant uses in their virtual network. This address is set in the guest OS of the virtual machine as normal; it’s the only address that the tenant is normally aware of.
Provider Address (PA): This is the address that is assigned to the NIC of the virtual switch network to allow virtual machines to communicate at the physical layer.
As far as I can tell from this article, a CA is just a private IP and a PA is simply a MAC address, renamed. To the cloud user, however, none of this should matter. I’m struggling to understand the innovation here. Some of the networking concepts mentioned later in the article seem to add a lot of complexity to the IP layer.
VMware has long had an aversion to supporting virtualization tools other than its own, even as rivals like Microsoft and Citrix happily built management software that could control the deployment of virtual machines using both their own hypervisors and VMware’s. VMware always had a plausible excuse in that its own vSphere virtualization platform was so widely used that supporting anything else was unnecessary—although Hyper-V’s advances are making that argument less convincing.
via VMware realizes it doesn’t rule the cloud, boosts support for Amazon | Ars Technica.
“Everybody has a hypervisor today and everybody gives it away for free,” Maritz continued. “What it’s all about are the automation layers on top of it,” and extending the benefits of virtualization from servers to the entire network.
How is VMware achieving that? The company today explained it wants to make “virtual data center” a phrase just as commonly uttered as virtual machines. Instead of merely virtualizing CPU capacity, a virtual data center brings CPU, storage, network services, security, load balancing, and other characteristics together into a single profile that can be easily reproduced and provisioned.
via As Microsoft gains, VMware insists that it maintains the upper hand | Ars Technica.
A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.
via US-CERT Vulnerability Note VU#649219 – SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware.
Details from Red Hat
RHSA-2012:0720-1 & RHSA-2012:0721-1: It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)
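The advisory above turns on one missing check: a 64-bit return address must be canonical before the fast SYSRET path may use it. The following is an added illustration, not code from Xen, Red Hat or the advisory; it assumes a 48-bit virtual address space, and the choose_return_path dispatcher is hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added illustration (not Xen or Red Hat code). Assumes the 48-bit
 * implementation of x86-64: an address is canonical when bits 63..47
 * are all 0 or all 1. SYSRET raises #GP for a non-canonical RIP while
 * still at ring0, before the stack is switched back to the user stack,
 * which is why the advisory requires the return address to be checked
 * on the sysret path. */
#define VA_BITS 48

/* Returns true when addr is canonical for a VA_BITS-wide address space. */
static inline bool is_canonical(uint64_t addr)
{
    /* Bits 63..(VA_BITS-1) must be identical: either all clear or all set. */
    uint64_t top = addr >> (VA_BITS - 1);
    return top == 0 || top == (UINT64_MAX >> (VA_BITS - 1));
}

enum return_path { RET_SYSRET = 0, RET_IRET = 1 };

/* Hypothetical dispatch: the fast SYSRET path is taken only for a canonical
 * guest RIP; anything else goes through IRET, which restores RSP and RIP
 * together and delivers any fault on the kernel stack instead. */
static enum return_path choose_return_path(uint64_t guest_rip)
{
    return is_canonical(guest_rip) ? RET_SYSRET : RET_IRET;
}

int main(void)
{
    /* Constructed sample addresses around the canonical boundary. */
    const uint64_t samples[] = {
        0x00007FFFFFFFFFFFULL, /* highest user-mode canonical address */
        0x0000800000000000ULL, /* first non-canonical address above it */
        0xFFFF800000000000ULL, /* lowest kernel-half canonical address */
        0xFFFF7FFFFFFFFFFFULL, /* non-canonical, just below the hole */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%016llx -> %s\n", (unsigned long long)samples[i],
               choose_return_path(samples[i]) == RET_SYSRET ? "SYSRET" : "IRET");
    return 0;
}
```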
Expanding the ability of Cisco networking tools to work with Hyper-V could help Microsoft make its case that its server virtualization software is a viable alternative to VMware. The analyst firm Gartner has praised the Hyper-V technology and said Microsoft has the advantage of providing management tools that are familiar to Windows administrators, but that it has struggled to convert large enterprise customers from VMware to Hyper-V.
via Cisco plans virtual switch for Hyper-V in Windows Server 8.
A team of researchers have devised a way to create an isolated and trusted environment on virtualized servers. Called the “Strongly Isolated Computing Environment” (SICE), the approach makes it possible to run sensitive computing processes alongside less secure workloads on the same physical hardware.
via Researchers create stealth virtual machine that can run alongside insecure VMs.
The Xen® hypervisor, the powerful open source industry standard for virtualization, offers a powerful, efficient, and secure feature set for virtualization of x86, x86_64, IA64, ARM, and other CPU architectures. It supports a wide range of guest operating systems including Windows®, Linux®, Solaris®, and various versions of the BSD operating systems.
via Welcome to xen.org, home of the Xen® hypervisor, the powerful open source industry standard for virtualization.