
VMware exec says Windows days are numbered (ComputerWorld)

Stephen J. Vaughan Nichols discusses Paul Harapin's predictions for the end of Windows. "Seriously. In an ITWire tale, Paul Harapin, VMware's managing director for Australia and New Zealand said Windows is already being replaced by virtual appliances running on Linux. In ten-years, there will be no more Windows. OK. I know people at Red Hat who would say that that's exactly what will happen. That's right out of the new Red Hat KVM-based virtualization playbook. But, someone from VMware saying this? Wow."

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 18:18 UTC (Wed) by rahvin (subscriber, #16953) [Link]

I think he's right. Any service that can be replicated on Linux will be. It just makes sense and it's the primary seller of VMware.

In fact VMware's success is directly related to the creation of Red Hat's strategy, and it's not just Red Hat, Novell has a very similar strategy. There's big money in VM right now. Maybe Xen and the OSS distributors can cannibalize or grow the market but the fact is VM is a huge money saver for companies. Power has gotten so outrageously expensive along with the cooling to go with it that servers have a tremendous long term expense. If you can shrink 6 servers into 1 your long term savings more than make up for the cost of software and/or support, and that has caused the creation of a huge market for software to handle the VMs, a market that by my estimation (given energy costs) is going to continue to grow and expand. Once you have the VM architecture it's almost a no-brainer to replace MS services with small individual Linux VMs to handle the tasks. Need 3 VMs to handle the task of a single Windows server? Not a problem once the architecture is in place, the only costs are support.

I just don't get virtual appliances

Posted Aug 20, 2008 23:11 UTC (Wed) by dmarti (subscriber, #11625) [Link]

If you deliver an application as a "virtual appliance" then any OS security update becomes a security update to your application. Sure, you can strip the OS down, but imagine a customer with a bunch of ISVs' virtual appliances on the day everybody releases a fix for a commonly used library.

I just don't get virtual appliances

Posted Aug 21, 2008 5:36 UTC (Thu) by k8to (subscriber, #15413) [Link]

Is the cost for this really higher than the cost for updating the library for only "one"
operating system per host?  I assume one of the following is true.

1 - You use the normal distro update mechanisms
2 - You use a custom update mechanism
3 - You don't have any rhyme or reason for update mechanisms

Does having various virtualized machines tend to move people from one choice to another?  I'd
expect there'd be some of 3, and then customer pressure to enable 2, products to do 2, or at
least a return to 1, among the VM-application providers.

There are certainly likely to be more raw updates, but the computation time to update is not
high, and the bandwidth cost is solvable with networks.  The problem scenario is if each VM
explodes, you have more explosions, but I think you're somewhat screwed in a non-VM case as
well if you use 1 or 2 to automate exploding your entire server farm.

What am I missing?

I just don't get virtual appliances

Posted Aug 21, 2008 22:31 UTC (Thu) by rahvin (subscriber, #16953) [Link]

I don't think the pain of updates to Linux is anywhere near the pain of updating MS products.
Not being in IT, I had always heard that Patch Tuesday updates are the worst to apply as you
never have any idea of what they will break because of how convoluted the Windows code base
is. Having hundreds of VMs as opposed to 1/3 as many Windows servers would seem to me at
least to be far easier to handle. Especially given how easy patching the major distributions
is now as most have auto security update systems you can use.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 23, 2008 19:07 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

When you replace 6 servers with 1, what are you shrinking? Same number of MIPS, same amount of memory, same amount of disk space.

I think you're just shrinking physical administrative work. Most of the advertisement I see for doing this combination stresses the reduction of the most expensive resource -- human.

I know combining lets you overlap the reserves that you build into each of the 6 servers, but I think of that as administrative cost too, because you build that in to avoid the labor involved in moving physical resources around when the workload changes.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 23, 2008 21:12 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

actually, you are not shrinking your administrative work, you are increasing it.

before you had six copies of an OS to patch and administer, after combining them you now have seven (the six virtual machines and the host OS)

unfortunately many people view virtual machines the way you do and don't ever update them, eventually this is going to start catching up with people.

there are valid reasons to do virtualization
if you have one or more of the following situations

1. you have programs that won't play well with each other that you want to isolate.
2. you have systems that require administrative access from different people that you want to isolate
3. you want to keep each system image as simple as possible to ease administration (accepting the cost of administering more systems)
4. you have systems that have peak uses that don't overlap

and the requirements of the systems are such that a single box can power them all

then it can save you power, rackspace, and possibly money to buy one box to host the other logical systems as virtual machines.

virtualization doesn't solve many problems by itself (in spite of what the vendors claim). yes, it allows you to do graceful migrations from one system to another (by suspending the virtual machine on one box and starting it on another), but only if all the settings are still valid in the new location (same network settings work, no connections to local resources, etc). but this is _not_ the same as making the application highly available, if the first machine crashes the second machine does not have a fully up-to-date copy of the virtual machine to run

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 23, 2008 21:45 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

> actually, you are not shrinking your administrative work, you are increasing it.

Possibly, but note that I didn't make a statement about the total administrative work. I said you shrink the physical administrative work. This is apparently especially costly for some installations. Taking racks apart and moving memory and CPUs or recabling is more expensive than typing commands from a remote office. Sometimes those commands can even be issued automatically.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 18:52 UTC (Wed) by sg7jimr (guest, #22837) [Link]

The irony here is that Windows is the horse VMware bet on.  They abandoned Linux users by
making their VirtualCenter product (which manages VMware clusters) a Windows application, and
migrated their old management client from an architecture that ran on Linux to one that
required .Net.  Linux administrators wanting to manage VirtualCenter are stuck with a very
limited and clunky web interface.  If VMware can see the future so clearly, what bonehead made
that design decision?  Who besides VMware thinks Windows when they hear the term "high
availability cluster"?  The bias in favor of Windows is also seen in the related Converter and
Consolidated Backup utilities.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 19:28 UTC (Wed) by wilreichert (subscriber, #17680) [Link]

No worries, they've got 10 years to re-write everything in gnome and kde flavored versions.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 20:22 UTC (Thu) by massimiliano (subscriber, #3048) [Link]

Or, if they developed it using .NET (extremely likely), they'll just port it to Linux very easily...

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 19:54 UTC (Wed) by leoc (subscriber, #39773) [Link]

I think he means on servers, not clients.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 20:59 UTC (Wed) by chojrak11 (guest, #52056) [Link]

I'd say one more VMWare's fuckup and *their* days will be numbered.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 21:20 UTC (Wed) by ccchips (subscriber, #3222) [Link]

Right.

6,491,237,442,918,220

;)

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 20, 2008 21:51 UTC (Wed) by Cato (subscriber, #7643) [Link]

Microsoft is a direct competitor of VMware so it's hardly surprising that VMware promotes
Linux as competition for Microsoft.  I hope they're right but they could make a start by
providing better product support for Linux, as mentioned above.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 0:19 UTC (Thu) by dps (subscriber, #5725) [Link]

I think the end of windows is unlikely to happen soon. In particular KVM and VMware are
actually rather good x86 box simulators (albeit with some hardware assistance, which probably
helps quite a lot). This allows you to *continue* to use windows rather than move wholesale to
something else.

Xen is different. Despite actually managing to make one version of Windows work on a version of
Xen, licensing issues made it impossible to use. Xen ports of Linux and FreeBSD, where the
licensing was not a problem, are actively used.

What might be numbered are the days of higher-end boxen running windows, providing lots of
services and not being very insecure as a result. Virtual machines isolate the services making
breaches much more limited.

I expect to see the same thing happen on Linux, Solaris, etc. but less so because those systems
are fundamentally more secure[*]. SELinux, and systems like Trusted Solaris, offer
capabilities that Windows on VMware can only dream about.

On the desktop none of this really applies. Isolation at this level is usually annoying and
reduces productivity. Only if your desktop might have both secret and top secret windows, and
users that cannot be entirely trusted, are you likely to think the extra security is worth the
pain of seriously reduced desktop features.


[*] You can render this statement false by moves like allowing large groups of people access
to a root shell (like my work does). I would be one of the people that does have this access,
which I have never had any desire to use myself.

Note that I am *not* a system administrator---if I were, root access would be restricted to the few
people that could find a very good reason for having it. You might also find some of your
"unlimited internet access" only works if you use the provided proxies.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 2:13 UTC (Thu) by Sutoka (guest, #43890) [Link]

There are a few cases where I think VMs/Containers might be very useful on the desktop,
primarily with web browsers.

Web Browsers are *still* the main point of entry for most infections (not counting the silly
ones where the user explicitly downloads, installs, and grants permission) on the desktop, so
being able to restrict it as much as possible would greatly help security.

If the Web Browser could be thrown inside a very restricted VM or Container you'd be able to
greatly limit the impact of most browser exploits (I'm not gonna even think about the case
where the user downloads, grants permission to, and runs 'EVILSCRIPT.SH' as that's a completely
unrelated problem). If a small chunk of the browser was split off into a helper app that ran
in the host system as the user wanting to browse the web (that'd simply be the process
responsible for writing any data other than the cache/history/cookies, popping up the file
dialogs and etc), that'd allow the user to keep (most) all the functionality while greatly
reducing the attack vectors; you'd have to compromise the web browser, THEN either the helper
app (which should be *much* easier to audit as the code should be far smaller), the kernel (+VM
if not using a container), or Xorg (from what I hear, this'd be a *major* problem).

At the very least it sounds interesting to me in theory, a similar approach could be taken for
lots of desktop applications (like online games), and Containers sound like they'd be the best
way to implement this although I have little experience with them (like can you put an
application into a container with an EMPTY filesystem?).

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 5:24 UTC (Thu) by Duncan (guest, #6647) [Link]

Actually, the concept of a VM browser appliance, its own little machine, /without/ that helper you mentioned, seems pretty appealing to me.  So it gets 0wn3d, so what?  Let it run amok in the VM where it can't touch anything else, and where shutting down the browser shuts down the VM, which is reset to a mostly clean state on restarting it.  Let the save dialog save in that sandbox, not anywhere out of it, and let the user access the stuff in that sandbox as they would stuff in a chroot from outside it.  The user could then cp/mv a file to elsewhere on the parts of the system they can write to, but the browser and anything (plugins, etc) running in the same VM would have access only to the filesystem and machine in the VM.

One could even have a special VM supplied by their bank, that /only/ did banking, and was separate from all the other VMs.  Online games and the like could work similarly.  Mail?  Same thing, its own VM, limited to writing to its own VM managed filesystem sandbox.  That one could have a browser in the VM as well, which would load when you clicked a link, but it too could only write in the common mail/browser sandbox, which would be separate from the regular system browser sandbox.  The user in the hypervisor could of course copy files and etc between sandboxes or out of the sandboxes into the hypervisor level, but the apps within the VMs couldn't access anything outside their VM.

Of course this would play havoc with browser based system updates, since all they'd update would be their little VM, not the hypervisor, which would have to run its own updates, but that shouldn't be a problem.  The hypervisor could in fact have its own little update VM (it's a net based update fetching service so it goes in a VM, not directly on the hypervisor), limited to that one special service, with the hypervisor then copying the updates out of it and applying them on the main system.

Meanwhile, VMware's still black-box proprietaryware, and as such, it's out of the question here, as of course are MS OSs in VM or out.  KVM or Xen, sure; they aren't proprietaryware.

Duncan

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 9:14 UTC (Thu) by NAR (subscriber, #1313) [Link]

Well, when I click on a link pointing to a .doc file, Opera opens OpenOffice for me, so the VM
should have an OpenOffice too. And a PDF reader. And a media player.

Anyway, I'm not sure how this would make anything more secure. I don't know if the browsers
have any code that they automatically run on startup (think about Firefox extensions) - for
the attacker it's enough to install such code and the host is owned, at least for the purposes
of sending spam or trying to break into other hosts.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 1:30 UTC (Fri) by Sutoka (guest, #43890) [Link]

>Well, when I click on a link pointing to a .doc file, Opera 
>opens OpenOffice for me, so the VM should have an OpenOffice 
>too. And a PDF reader. And a media player.

This is what I was thinking the helper app would be useful for, it could also mediate for the
other applications (although if you wanted to EMBED them inside the browser that would take
more work).

>Anyway, I'm not sure how this would make anything more secure. 
>I don't know if the browsers have any code that they automatically 
>run on startup (think about Firefox extensions) - for the attacker 
>it's enough to install such code and the host is owned, at least 
>for the purposes of sending spam or trying to break into other hosts.

You could use things like SELinux and firewalls (on the host and/or VM) to limit what the
browser in the VM could do. You could have the host+VM drop all outgoing mail connections
based on port, as well as dropping all incoming network connections. You could make the
malware author's job a bit harder by having a high-level firewall (layer 7 firewall, was it
called?) that'd drop non-http/https connections.

None of this is meant to be The One Solution, but just yet another layer of security (security
is all about layers, remember? :P). This wouldn't protect you against all issues, but it'd
help minimize the impact as well as compartmentalize the damage.
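The port-based part of the policy sketched above, written as an added nftables example on a KVM host (not anything from the thread or from VMware): the browser VM's traffic is forwarded only for DNS and HTTP/HTTPS, outgoing mail submission is logged and dropped, and nothing may open a connection into the VM. The interface name `tap-browser` and the log prefix are constructed assumptions; the layer 7 filtering mentioned in the post would need a proxy and is not covered here.

```nftables
# Host-side forwarding policy for a sandboxed browser VM (constructed example).
# Assumes the VM is attached to the host through a tap device named "tap-browser".
table inet browservm {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the VM itself opened are allowed back in.
        ct state established,related accept

        # Outgoing mail by port: log the attempt, then drop it (gives a
        # detection signal if malware inside the VM tries to send spam).
        iifname "tap-browser" tcp dport { 25, 465, 587 } log prefix "browservm-smtp " drop

        # The VM may resolve names and speak HTTP/HTTPS; everything else
        # it originates falls through to the drop policy.
        iifname "tap-browser" udp dport 53 accept
        iifname "tap-browser" tcp dport { 80, 443 } accept

        # No new connections into the VM from anywhere; count them for visibility.
        oifname "tap-browser" ct state new counter drop
    }
}
```

Load it with `nft -f` on the host and watch the kernel log for the `browservm-smtp` prefix; a hit there means something in the VM is trying to mail out, which is exactly the event the post wants to contain.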

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 10:00 UTC (Fri) by NAR (subscriber, #1313) [Link]

> This is what I was thinking the helper app would be useful for, it could also mediate for the other applications (although if you wanted to EMBED them inside the browser that would take more work).

I don't really know how this helper application would work, but either it should be able to communicate out from the sandbox VM (e.g. to an already running OpenOffice instance), which is an obvious security threat, or there should be a complete OpenOffice, etc. installation inside the sandbox VM - in that case the synchronization of the preferences, etc. would be inconvenient.

> You could use things like SELinux and firewalls (on the host and/or VM) to limit what the browser in the VM could do.

You don't really need a separate VM for that.

> You could have the host+vm drop all out going mail connections based on port

The problem is that the user might want to send an e-mail from the VM (think about mailto: links). This setting would break this feature.

> as well as dropping all incoming network connections.

On a typical desktop the host firewall drops these kind of connections anyway.

> just yet another layer of security (security is all about layers, remember? :P)

On the other hand yet another layer is yet another piece of software that can contain bugs, can be misconfigured and annoys the users (think about the need to move files in and out of the VM).

I think that given the integration of browsers into the desktops, we've passed the point when a browser could have been put into a sandbox.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 1:49 UTC (Fri) by efexis (guest, #26355) [Link]

"Meanwhile, VMWare's still black-box proprietaryware, and as such, it's out of the question here"

Far from it, vmware already have an appliances download section on their website, and [at least] one of them is a browser vm; a small linux install which boots to a browser you can run in vmware-player or -server (free downloads) on windows or linux.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 22, 2008 15:08 UTC (Fri) by jhardin (guest, #3297) [Link]

> "Meanwhile, VMWare's still black-box proprietaryware, and as such, it's out of the question here"
>
> Far from it, vmware already have an appliances download section on their website, and [at least] one of them is a browser vm; a small linux install which boots to browser you can run in vmware-player or -server (free downloads) on windows or linux.

"Far from it"? How does the availability of open-source VM guest images refute the claim that VMWare itself is a proprietary black box? That's like claiming the availability of open-source Windows programs means Windows itself is not proprietary...

If VMWare is not a proprietary black box, then please post a URL where we can download the buildable sources for it.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Oct 14, 2008 2:38 UTC (Tue) by efexis (guest, #26355) [Link]

> How does the availability of open-source VM guest images refute the claim that VMWare itself is a proprietary black box?

It doesn't, it refutes the claims that vmware being proprietary means things are "out of the question" for it, such as "Let it run amok in the VM where it can't touch anything else, and where shutting down the browser shuts down the VM, which is reset to a mostly clean state on restarting it". VMWare may be proprietary, but these things are possible with it.

VMware exec says Windows days are numbered (ComputerWorld)

Posted Aug 21, 2008 14:36 UTC (Thu) by shapr (subscriber, #9077) [Link]

In my recent switch to doing Windows development, I've discovered great benefits to running a
32-bit Windows system in VMware on top of a 64-bit Linux host with 8GB of RAM.
I think VMware is right. At my job we deploy large chunks of software to production machines;
I'd rather deploy to a local VM and then run the new VM in place of the previous production
VM. Testing and everything else would be much easier.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds