In the ovirt, there is more than one virtual machine on the one node, than what method we use to detect between virtual machines are isolated from each other?
verifying isolation between virtual machines is really a tedious task. I give suggestions to start your work.
1) write inline assembly to be run from one virtual machine in order to access the files or some secrets.also try to kill process in one Vm from other VM.
2) study side channel attacks for vsphere and try to launch them in your setup
3) try to find footprints of process running in VM outside of that VM. read http://www.cs.utexas.edu/~shmat/shmat_oak12memento.pdf for some techniques
Related
After rebooting is it possible to open a Hyper-V virtual machine without going through the Manager? It seems like it is already running in the background or maybe it is just in its last state.
If the OS in the Hyper-V virtual allows for remoting and also it is on the same network as the attempt to open a remote desktop to that virtual.
Note that the default network adapter for a virtual will provide a different IP address than what the local network provides to the server. You will most likely want to create a network adapter (in Hyper-V) which shares the network card to the virtual and the virtual will get its IP address from the local network.
If you can ping it, then it can be remoted to..but other things within the virtual has to allow for remoting.
Upon reading the OPs comments, it is clear that the need is to launch the virtual outside of Hyper-V. Hyper-V uses VMConnect.exe to achieve that...and that is available.
One can do that in an elevated Powershell shell such as:
vmconnect {Local/remote computer name} {Virtual Name}
such as
vmconnect Hyperion W10-Zephyr
where Hyperion is the local computer name and W10-Zephyr is the virtual's name.
See also Connecting to Hyper-V virtual machines with PowerShell
What's the difference between process virtual machine with system virtual machine?
My guess is that process VM is not providing a kind of an operating system for the whole application for that OS, rather providing an environment for some specific application.
And system VM is providing an environment for an OS to be installed just like VirtualBox.
Am I getting it correct?
Another question is the difference between the two different implementation of system VM: hosted vs. stand-alone.
I'm a beginner studying OS, so easy and understandable answer would be greatly appreciated :)
A Process virtual machine, sometimes called an application virtual machine, runs as a normal application inside a host OS and supports a single process. It is created when that process is started and destroyed when it exits. Its purpose is to provide a platform-independent programming environment that abstracts away details of the underlying hardware or operating system, and allows a program to execute in the same way on any platform.
A System virtual machine provides a complete system platform which supports the execution of a complete operating system (OS),Just like you said VirtualBox is one example.
A Host virtual machine is the server component of a virtual machine , which provides computing resources in the underlying hardware to support guest virtual machine (guest VM).
The following is from http://airccse.org/journal/jcsit/5113ijcsit11.pdf :
System Virtual Machines
A System Virtual Machine gives a complete virtual hardware platform with support for execution
of a complete operating system (OS).
The advantage of using System VM are:
Multiple Operating System environments can run in parallel on the same piece of
hardware in strong isolation from each other.
The VM can provide an instruction set architecture (ISA) that is slightly different from
that of the real machine
The main draw backs are:
Since the VM indirectly accesses the same hardware the efficiency is compromised.
Multiply VMs running in parallel on the same physical machine may result in varied
performance depending on the workload imposed on the system. Implementing proper
isolation techniques may address this drawback.
Lets say I am running Windows 7 with two major processes I will call V and P.
V is a virtual machine running another instance of Windows 7, while P is the process that I want information about and both are on the 'top-level' operating system.
Can a process, C, which is being run by the Windows 7 inside V, get information about processes such as P from within V? In other words, can a process being run inside a virtual machine get any information about processes being run by the operating system which is also maintaining the virtual machine process? I feel like it would rely on the ability of the virtual machine process, if it is not programmed to specifically retrieve such information then it will not be possible.
I have read another topic about the difficulty of even detecting whether a process is being run by a virtual machine or not. Some feel it is not reliable or possible. I am not sure that there is a standard way to find this out yet, I believe the post was roughly 4 or 5 years ago.
So can this be done by process C, or will there need to be more standard routines to accomplish this task?
I don't believe it's possible for an operating system running under a virtual machine manager (e.g. (VMWare et al) to directly access information relating to the host operating system because by default most virtual machine managers attempt to fully isolate the host and guest systems.
That being said most virtual machine managers have mechanisms which allow the virtual machine to share data and communicate with the host system. By using these mechanisms it is possible for the host operating system to convey information about itself to the guest.
Option 1: A shared file
With shared networking between the host and the guest it would be possible to have the host system write the information to a file in the shared location and have the guest open and parse this file using CreateFile and a UNC path e.g. \\host\sharename\file.txt
Option 2: Data transfer via a socket or named pipe
Shared networking between the host and the guest would allow you to use the Windows Sockets or Named Pipe APIs to create TCP or UDP sockets, or a named pipe through which data can be exchanged.
This approach would involve a server application running on the host application, which writes the process information you're after to the socket or pipe, where it can be read by the guest system which runs a client process.
Option 3: Remote Windows Management Instrumentation (WMI) Query
WMI provides a standard means of getting information and interacting with many aspects of the windows operating system including information about processes.
This is probably the most complex option because by default WMI does not accept queries from remote hosts (ie. your VM), so the host machine would need to be configured to allow remote WMI queries.
Once configured WMI is easily usable via the WMI command line client (wmic.exe) so you could invoke it with a query like this:
In this example:
%HOST_NAME% Is the name of the system hosting your Windows 7 VM
%TARGET_PROCESS% is the process name of the process you want
information about
wmi \node:%HOST_NAME% process where name='%TargetProcess%' get executablepath
This particular query gets the executable path of %TargetProcess% but there are many more properties available as per the documentation for the Win32_Process WMI Class documentation1.
Option 4: Shared clipboard
Some virtual machine managers allow the guest system to access the host's clipboard so information can be exchanged between applications running on the guest and host.
I appreciate it's probably the least conventional option but you could conceivably use the Windows Clipboard API to write the process info to the host's clipboard, and then read the information into a process on the guest system.
1NB:Although the Win32_Process class documentation lists properties in title case (ExecutablePath) I found they only worked properly in a wmic query when written in all lower case (executablepath)
How much valid are the valgrind logs showing invalid accesses and data races,when running it in virtual machine and not in a native linux system. The reason being,in a virtual machine,everything is virtual.
Unless you are writing some kernel specific stuff I would say that they are all valid. Maybe just your virtual machine has different timings than real machine?
What I would like to do is create a clean virtual machine image as the output of a build of an application.
So a new virtual machine would be created (from a template is fine, with the OS installed, and some base software installed) --- a new web site would be created in IIS, and the web app build output copied to a location on the virtual machine hard disk, and IIS configured correctly, the VM would start up and run.
I know there are MSBuild tasks to script all the administrative actions in IIS, but how do you script all the actions with Virtual machines? Specifically, creating a new virtual machine from a template, naming it uniquely, starting it, configuring it, etc...
Specifically I was wondering if anyone has successfully implemented any VM scripting as part of a build process.
Update: I assume with Hyper-V, there is a different set of libraries/APIs to script virtual machines, anyone played around with this? And anyone with real practical experience of doing something like this?
Checkout Powershell Management library for Hyper-V on CodePlex. Some features:
Finding a VM
Connecting to a VM
Discovering and manipulating Machine states
Backing up, exporting and snapshotting VMs
Adding and removing VMs, configuring motherboard settings.
Manipulating Disk controllers, drives and disk images
Manipluating Network Interface Cards
Working with VHD files
You can actually script a fair number of tasks in MS Virtual Server:
http://www.microsoft.com/technet/scriptcenter/scripts/vs/default.mspx?mfr=true
http://msdn.microsoft.com/en-us/library/aa368876(VS.85).aspx
Also Virtual PC guy has got a ton of stuff on his blog about scripting Virtual Server/PC and now Hyper-V here:
http://blogs.msdn.com/virtual_pc_guy/default.aspx
VMware has similar capabilities:
http://www.vmware.com/support/developer/scripting-API/