What is special about a virtual computer-a VM? It's a computer in a file. That's it. It's just a computer stored in a file with similar foibles and management issues as a physical computer. So why do some people invest virtual computers some magical transformative powers? Do they not understand what a virtual computer is?
What is special about a virtual computer-a VM? It's a computer in a file. That's it. It's just a computer stored in a file with similar foibles and management issues as a physical computer. So why do some people invest virtual computers some magical transformative powers? Do they not understand what a virtual computer is?A computer is a bunch of software-BIOS, operating system, and applications---running on some hardware. A virtual machine (VM) is a computer, but the hardware the virtual computer thinks it is running on is an abstraction of the physical hardware. The VM runs in the hypervisor which presents the same hardware to the VM regardless of the actual hardware. That allows you to move a VM from one hypervisor to another without any hardware issues. The hypervisor does a bunch of other interesting things as well, but they aren't relevant to my point. You probably know all this already, but it's good to set the stage.
Recently two different observations about virtualization have come up that need correcting. The first is that the Open Virtualization Format (OVF), which is a DMTF format for standardizing a VM file format, is the cause of VM sprawl and spreading malware. Kris Buytaert made this assertion about OVF. The second observation is that there is this thing called a VMtrojan that is a trojan somehow made more dangerous by virtue of being on a VM.
Let's take these one at a time. First, OVF is a file format. OVF is not a locomotive force directing your hands to deploy more and more VMs higgledy-piggledy throughout your network. Nor is OVF a vehicle for spreading malware either. If OVF makes adding to sprawl or spreading malware any more or less of a problem in your network, then you have far, far bigger problems to deal with like how you manage your VM infrastructure. People and processes are the cause of sprawl.
On the topic of virtual Trojans, how do you manage-by that I mean install, update, and protect- a VM is just like you manage a physical computer. It's not magic. There is nothing inherently special with virtualization that means you need to treat a VM much differently than any other computer. Rueven Cohen who gained some notoriety with the Cloud Computing Manifesto posted this frightful gem to the Cloud Computing Interoperability Forum (CCIF):
The types of attacks a VMT [virtual machine Trojan] can execute are different than a normal trojan. The VMT does not have access to the host machine; rather, it has access to the local network. Therefore, a VMT can be programmed to do the following:
Sniff traffic in the local network
Actively scan the local network to detect machines, ports and services
Do a vulnerability scan to detect exploitable machines in the local network
Execute exploits in the local network
Brute force attacks against services such as ftp and ssh
Launch DoS attacks within the local network, or against external hosts
And of course, send spam and conduct click fraud
That list details what Trojans do and being on a VM makes absolutely no difference at all. None. Not in the infection. Not in the spreading. Not in the execution. A VM is a computer. A VM with access to the network is a networked computer which is no different than a physical computer on a network. Saying there is a difference is either FUD or shows a complete lack of understanding about what a VM and a computer are. Thankfully, there are some voices of reason in the CCIF who have pointed out the absurdity of equating Trojans in a VM as any different than any other Trojan.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 18, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."