Technology

You are currently browsing the archive for the Technology category.

Best security in clouds is physical isolation ?

September 8, 2009 in Cloud Computing, Security by jc | No comments

A paper titled “Hey, you, Get Off of My Cloud: Exploring information Leakage in Third-Party Compute Clouds” soon to be released at CCS’09 is exploring the threats resulting from sharing physical compute resources in public clouds.
After demonstrating that despite the likely large number of physical machines in any given public cloud, it is possible to place hostile VMs next to targeted VMs; the authors are listing methods that are taking advantage of information leaking out through shared physical resources.

The paper concludes that the only foolproof solution is to limit sharing with potentially hostile tenants:

A user might insist on using physical machines populated only with their own VMs and, in exchange, bear the opportunity costs of leaving some of these machines under-utilized. For an optimal assignment policy, this additional overhead should never need to exceed the cost of a single physical machine, so large users — consuming the cycles of many servers — would incur only minor penalties as a fraction of their total cost.
Regardless, we believe such an option is the only foolproof solution to this problem and thus is likely to be demanded by customers with strong privacy requirements.

I have one issue with this recommendation: the colocation of many VMs from the same tenant on fewer physical hosts is increasing the risk of having single points of failure. Assuming 8 small instances per physical machine (based on the document estimates), and given the default limit of 20 active VMs per account, most accounts will need less than 3 physical servers, limiting the spread across the availability zones. At that point the tradeoff will be between availability, security and cost.

Compiling rTorrent on openSolaris

August 25, 2009 in OpenSolaris by jc | 5 comments

As I mentioned in a previous post, I’ve recently upgraded a PC to the latest opensolaris release, and had to port some of the applications over. One of these is the fast and efficient rtorrent client. I did not find recent packages in the repositories and had to compile it myself. I found that a future version of opensolaris may have the client integrated, and a case for the SFW consolidation was recently submitted by Huawei Zhang with all the required patches included.

The first step in the install is to make sure that the development environment is setup correctly. From the base opensolaris, I installed the following:

$ pfexec pkg install SUNWncurses
$ pfexec pkg install SUNWcurl
$ pfexec pkg install SUNWgnome-common-devel
$ pfexec pkg install SUNWgmake
$ pfexec pkg install SUNWgcc
$ pfexec pkg install SUNWgnu-automake-110
$ pfexec pkg install SUNWlibtool
$ pfexec pkg install SUNWaconf

The next step is to install libsig++ 2.0 that is required by rlibtorrent. Your mileage may vary, but I had better chance using gmake for all the builds. Note: You will find the lib in the repositories, but I had compilation issues and had to build it myself.

$ wget http://ftp.gnome.org/pub/GNOME/sources/libsigc++/2.0/libsigc++-2.0.18.tar.gz
$ gzip -dc libsigc++-2.0.18.tar.gz | tar xvf -
$ cd libsigc++-2.0.18
$ ./configure
$ gmake
$ pfexec gmake install

 
If you do not change the default location, you should have the libsig++ library installed under /usr/local.
Adding the following will help later to build the rlibtorrent and rtorrent itself.

$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/lib/pkgconfig

 

Next, on to install rlibtorrent. This is were I would recommend you take to version submitted to SFW with the associated patches.

$ wget http://cr.opensolaris.org/~alz/bittorrent/raw_files/new/usr/src/lib/libtorrent/libtorrent-0.12.2.tar.gz
$ gzip -dc libtorrent-0.12.2.tar.gz | tar xvf -
$ mkdir patches
$ cd patches
$ wget -r -l1 -nd -A.diff http://cr.opensolaris.org/~alz/bittorrent/raw_files/new/usr/src/lib/libtorrent/patches/
$ cd ../libtorrent-0.12.2
$ cat ../patches/rlibtorrent-* | gpatch -p1

 

The following is required because some am files were modified through the patching process.

$ aclocal-1.10 -I./scripts -I.
$ autoheader
$ libtoolize --automake --copy --force
$ automake-1.10
$ autoconf
$ ./configure --enable-shared --disable-static --with-ports --disable-libtool-lock
$ gmake
$ pfexec gmake install

 
Same principles to finally build the rtorrent client.

$ wget http://cr.opensolaris.org/~alz/bittorrent/raw_files/new/usr/src/cmd/rtorrent/rtorrent-0.8.2.tar.gz
$ gzip -dc rtorrent-0.8.2.tar.gz | tar xvf -
$ cd patches
$ wget -r -l1 -nd -A.diff http://cr.opensolaris.org/~alz/bittorrent/raw_files/new/usr/src/cmd/rtorrent/patches/
$ cd rtorrent-0.8.2
$ cat ../patches/rtorrent-0* | gpatch -p1
$ export LDFLAGS='-Wl,-zignore -Wl,-zcombreloc -Wl,-Bdirect  -L/usr/sfw/lib -R/usr/sfw/lib -L/usr/gnu/lib -R/usr/gnu/lib  -L/usr/lib/'
$ export CXXFLAGS=-I/usr/include/ncurses
$ aclocal-1.10 -I./scripts -I.
$ autoheader
$ libtoolize --automake --copy --force
$ automake-1.10
$ autoconf
$ ./configure
$ gmake
$ pfexec gmake install

 
Here it is. Hopefully I did not forget any step or made mistakes while capturing the commands, but you should have enough of a base to start and successfully build rtorrent. Do not hesitate to post a comment with your experience.

Updated on 09/07/2009 to add SUNWlibtool that I forgot. Thanks to Gustavo for pointing it out.

No ZFS in Snow Leopard ?

August 24, 2009 in MacOS, OpenSolaris by jc | No comments

Now that the shipping date for Snow Leopard is approaching, I came to the realization that I will not get rid of my Solaris based NAS. It’s been running flawlessly for the past 2 or 3 years (well, I lost several disks and a controller, but never lost any data), but I was hopping to consolidate everything on a Mac Pro with 8 cores.
Since ZFS is not going to be there, and this apparently until the next major release, I will likely upgrade my PC to a better setup in order to keep running ZFS. Even the open source effort on Mac OS Forge  seems to be going nowhere

In the mean time, I just upgraded my box to opensolaris 2009.06 and spent some time compiling the tools that I needed on the box, more on that later.

Sun to open source Ops Center

December 6, 2007 in Data Centers, Virtualization by admin | No comments

In a previous post, I mentioned the announcement of the Sun’s Ops Center product targeted to the management of virtual environments. In this post, I said that Ops Center was a re-branded N1 System Manager, while in fact, it seems that this is a merge of the Sun Connection and N1 System Manager in one tool :

A highly scalable datacenter automation tool merging discover, update, provisioning, monitoring, and reporting technologies from Sun Connection and N1SM into one tool.

However, by looking at the Oracle World demo, it seems that the UI is radically different from the N1 System Manager (gone the embedded CLI ?).

Also, by looking at the supported platform, it seems that Windows platform is not supported anymore :

Sun N1 System Manager :

From a centralized management console, customers can provision Solaris, Linux, and Windows with a simple drag-and-drop, and monitors the health of systems in an efficient manner.

Sun Ops Center :

The comprehensive, highly scalable Linux and Solaris life cycle management tool.

The good news is that Sun Ops Center will be delivered as open source too :

Building on Sun’s commitment to open standards and customer choice, Sun will continue to innovate the Sun xVM platform and collaborate with open source communities. The first of Sun’s contributions will be the Common Agent Container (CAC) code to the OpenxVM.org community under GPLv3. The CAC is the heart of the management infrastructure for many of Sun’s products, including the Sun xVM Ops Center. In addition, Sun plans to make the entire code base used by Sun xVM Ops Center available to the OpenxVM.org community in the first quarter of 2008.

It’s not clear however if this means the end of life for the N1 System Manager, since right now, the Ops Center does not provide a complete replacement.

 

Sun XVM and Ops Center

October 8, 2007 in Virtualization by admin | No comments

Sun announced new virtualization products last week. It seems to be a version of Xen hypervisor running on solaris . So now, Sun has three Solaris virtualization technologies: XVM, Solaris Containers, and LDOM. So, what it means is that a Sparc Server can be running a solaris container in a solaris XVM in an LDOM. This is 3 layers of virtualizations.

Also, in this announce, Sun presents Ops Center. This is a re-branded N1 System Manager. It seems that the focus will be on the management of the hardware, up to the operating system, combined with Sun Connection.

Mark Hamilton told The Register:

Sun has also announced a new management software package, Ops Center, that will work as a command and control console for physical and virtual gear- that’s to say the hypervisor and Solaris Containers. Sun said the software also includes discovery and inventory, application provisioning, software lifecycles automation, hardware and software monitoring and compliance reporting. Sun brazenly says “it does everything except unpack boxes and rack and cable systems.”

Ops Center is going to be released in December. It will be interesting to see how this can be leveraged by Configuration Automation tools like what BMC announced recently.

 

Parallels acquired by SWsoft

January 22, 2007 in MacOS, Virtualization by jc | No comments

According to this article, Parallels was acquired 3 years ago by SWsoft:

The tectonics of virtualization are shifting. It turns out that Parallels is not such a little company after all. About three years ago it was quietly purchased by an enterprise-focused virtualization company called SWsoft, a fact that has never been publicly disclosed until now.

SWsoft is providing Plesk, HSPcomplete, PEM and Virtuozzo, which seems to be the only virtualization related technology. It will be interesting to see if SWsoft applies its expertise in Self Service, Accounting and Billing to the VM Management space.

Open Source Virtualization solution for OSX

January 15, 2007 in Virtualization by jc | No comments

Today, VirtualBox announced the release of their product in the open source, using the GPL:

Jan 15, 2007. InnoTek today released VirtualBox Open Source Edition (OSE), marking an important milestone in the development of PC virtualization software. VirtualBox OSE is the first professional PC virtualization solution released as open source under the GNU General Public License (GPL). With VirtualBox, customers get the most versatile virtualization product on the market, both for enterprise and individual use. VirtualBox’ open source license allows everyone to contribute to the development of the product and customize it to suit individual needs. Backed by Europe’s largest team of virtualization experts, VirtualBox continues to be developed and supported.

Going through the screenshots, you can see that they have an alpha version of VirtualBox for OSX :

vbox_osx_alpha

 

Killer app for Palm : Google Map

January 6, 2007 in Technology by jc | No comments

I have been using my treo 650 for a couple of years now, and I must say that the early days were really bumpy. Lots of reset, freeze, and so on. However, recently, it has been really reliable (after exchanging it 3 times). Few months ago, Google released a Palm version of google map for mobiles. I use it daily since then. I get the traffic every morning on my way to work, and it has proven very reliable.

In this picture, you can see for example a congestion on the southbound 101, around San Bruno.

Snap-C1C5B014

Or, I use it to find a restaurant or other business, I even get their phone number, and can call them from the same screen.

Snap-C1C5B085

And you can even get turn by turn directions

Snap-C1C5B0C1-1

If only it could tell me where I am right now …

Anyway, it really justifies the cost of the unlimited internet connection I have to pay Cingular every month.

VMWare for Mac Beta has opened

December 22, 2006 in MacOS, Virtualization by jc | No comments

Today, the VMWare Fusion Beta program opened :

The new VMware desktop product for the Mac, codenamed Fusion, allows Intel-based Macs to run x86 operating systems, such as Windows, Linux, NetWare and Solaris, in virtual machines at the same time as Mac OS X. It is built on VMware’s rock-solid and advanced desktop virtualization platform that is used by over four million users today.

I’ve tried to start a windows 2003 VM Image that was created on a PC, without any problem.

fusion

Running Solaris 10 in Parallels on Macbook

December 17, 2006 in MacOS, Virtualization by jc | No comments

I have been trying for the past few days to run Solaris 10/11 in parallels on a new macbook. The main issue I had was the JDS/gnome resolution adaptation with the 1280×800 resolution of the macbook.

Here are my steps :

  • I installed the new parallels beta (build 3036)
  • downloaded the free Solaris 10 update 3 from Sun’s web site. Download the DVD since it can be directly mounted in parallels.
  • create a new VM with the Solaris 10 type, but, before to finish, un-select the option to start the Solaris installation and edit the VM configuration to add a custom screen resolution of 1280×800.
  • start the VM to launch the install
  • log in an create a /etc/X11/xorg.conf with something like the one attached here (xorg.conf). Basically you need to add the Modeline lines (generated with /usr/X11/bin/gtf) and put 1280×800 in the appropriate Display subsections.

It should work. However, I’m still experiencing some duplicate keystrokes and garbled screen after VM resume (I have solved the later issue by switching multiple times between full screen and os window).

If anyone has any solution for these two problems, let me know.

« Older entries