Lately I've been spending more and more time inside virtual machines. Whenever I need to try out a new bit of software, whether it's a small shell extension, or a giant product like Team System-- I tear off a new VM first. I don't want to junk up my primary install until I'm totally confident I know what that software does. It's guilty until proven innocent.
In fact, I'll go one step further. I think all software will eventually be distributed as virtual machine images. And why not? Consider the advantages:
And virtual machine software keeps getting cheaper, too. Parallels Workstation is only $45, and VMware offers its free player, which runs both VMware and Virtual PC images. Virtual PC is effectively free for any developer with an MSDN subscription.
All we really lack, I suppose, is VM built into the operating system as a first-class citizen rather than a standalone application. But the solipsist operating system is surely coming:
solipsism (n): a theory holding that the self can know nothing but its own modifications and that the self is the only existent thing.
Eventually, all applications will believe they're the only applications in the world. And they'll be right.
"The operating system doesn't matter."
So then could this lead to these "out of the box" vm image installs having smaller, custom versions of an OS, with only the features it needs to run? Or even a fully custom OS that is not a subset of some existing one... or none at all - the app running right on the metal? Could we see an explosion of mini-OS's, with Windows relegated to little more than a platform for managing VM's and the interop between them?
Kyle Bennett on January 18, 2006 1:49 AM
"Not sure. As a pure guess, I'd say as long as the single machine has an OS license, you can run as many VMs as you want on that machine using that same OS."
Microsoft really needs to answer this. They are avoiding this question.
I have an MSDN subscription and I have installed a copy of Windows XP Pro onto a Virtual PC hard disk. Can I copy this disk image at will and have an unlimited number of copies sitting around ready to be used? If not, how many copies am I allowed to have? Do I need to make sure that only one copy is running at a time? I have no intention of sharing any of these copies with anyone else. These are all for personal testing use.
This has to be a common question and there should be no reason to guess. What is the answer?
matt on January 18, 2006 2:14 AM
I agree: Long live the virtual machine!
Microsoft surprised me and did The Right Thing when they released many Virtual PC VMs at the (Italian) launch of Visual Studio 2005. It is a great way to showcase technologies like BizTalk that require more than a simple setup.
VMs are the software/systems architect's best friend; I am able to test major upgrades like new service packs and porting to .NET 2.0 on a VM before I dirty my machine with components I'm not able to remove. If it bombs I roll back the VM, if it works I upgrade my machine.
egilh on January 18, 2006 3:06 AM
I would like to echo the comment about file management. Where are we putting all our important data? In this setup we would probably have a shared resource (on the network or the Internet) but what's to prevent those files from becoming corrupt? Are we going to have a virus/malware check there?
As far as keeping the image up to date, this is a non-issue. If (insert OS vendor here) decides to offer the capability of virtual machines, then you probably wouldn't create a VM from your crusty old install disk, you would download a shiny new VM from their website (think Knoppix here). Dial-up users need not apply. (How do you update a fresh install of Windows XP sans service packs over a modem anyway? I would imagine that's like 200+Mb of updates.)
Chad Geidel on January 18, 2006 3:27 AM
There's a great interview with Parallels, the authors of the $45 VM software, here:
http://www.virtualization.info/2006/01/virtualizationinfo-interviews.html
Jeff Atwood on January 18, 2006 3:53 AM
The industry would seem to agree. In addition to VMware/Virtual PC, Microsoft is integrating "Windows hypervisor" into the Vista server. IBM/Sun/Novell/HP/AMD/Intel/Red Hat have all endorsed the open-source Xen virtualization project.
Ricky Dhatt on January 18, 2006 3:57 AM
I definitely agree that MS needs to clarify this. It's a popular topic in their VPC newsgroups, and there is *nothing* clear coming out of Microsoft, almost as though they've been told not to comment. It's somewhat tricky when I'm suggesting that a corporate use virtualisation but can't say what the licensing cost should be. The safe way, of course, is to license every copy of a VM... very profitable for MS too. I go with the "one license per executing VM" for the most part.
One obvious solution is to use the Linux version of VMware and keep the OEM Windows license for your virtual machine(s).
(link above is to http://www.microsoft.com/windowsxp/expertzone/newsgroups/reader.mspx?dg=microsoft.public.virtualpctid=b8e53da7-113a-49ad-9138-077dff7c7259lang=encr=USp=1)
Moz on January 18, 2006 5:02 AM
How would we solve application interoperability then? Clipboard service over TCP-IP? I don't like the idea, it would be too much of a risk, and too many gates open for all kinds of worms and sp*ware...
Keff on January 18, 2006 5:10 AM
Sounds like you're pretty much describing what games consoles already do.
"I'm a Solipsist, and I must say I'm surprised there aren't more of us." - Letter to Bertrand Russell, according to popular legend.
How would we solve application interoperability then?
What type of interoperability do you need? I generally drag and drop files back and forth from VMs when I'm using Virtual PC. I can also map a "network" drive to one of my local folders, and the clipboard just works as you would expect it to..
Jeff Atwood on January 18, 2006 5:27 AM
Sounds like you're pretty much describing what games consoles already do
Partially, but our "console" would be running multiple apps at once in different VMs. Consoles never EVER run two games at once in any circumstances.
Jeff Atwood on January 18, 2006 5:33 AM
If you're dragging and dropping files to local folders, what makes you so sure that you aren't dragging and dropping an embedded virus?
Also, the more work you do in a virtual machine, the more time-consuming it will be to set up and maintain. Eventually, a virus will destroy your VM and you'll realize that your installation copy is way out of date and that you haven't made a recent backup of your files in the VM... and we're back at square one. Well, except for having to insert a physical boot CD I guess.
Chris Nahr on January 18, 2006 5:34 AM
"Sounds like you're pretty much describing what games consoles already do"
Sounds like he's describing what Squeak and Smalltalk already do. The only difference is the sandbox portion of it. I'm not too familiar with how smalltalk VMs deal with system security.
A lot of linux hosting solutions do exactly what you are describing, they run each server application in what's called User Mode linux.
http://www.usermodelinux.org/
Silly questions:
1. If you have one legit copy of Windows XP, can you install (and register) the OS on as many VM's as you want?
2. Do you just install a new OS on one VM, and then make a copy of that virgin VM every time you install new software?
3. Any opinion on what VM software is the fastest? In my experience with Virtual PC, it's pretty slow.
4. I thought I had heard that Vista was incorporating something like a VM. I guess you could say that the Restore Point is "kind of" a VM, but that's a BIG stretch.
5. I don't have a dual core chip (yet), but I would think that a DC would really speed up the VM, because you could assign the VM to the other processor.
I totally agree that VM's are an awesome way to test out software, especially betas. I wish I had stuck with my original shot at doing VS2005 betas on VMs, but it just ran too slow. After formatting the drive to get rid of the problems I had with trying to install the full release (after the betas), I think I would have opted to put up with the speed difference...
kludger on January 18, 2006 10:42 AM
I'm most excited about virtual machines in the datacenter; I'd love to have a hardware platform that let me re-distribute the load across applications by just bringing up additional virtual servers. If I need a new web server, I bring up my Apache image; if my DB is running out of steam, I move the image onto a faster server with a better CPU.
Clustering and virtualization will work together to put a layer of soft machines over the hardware, making much better use of resources, and dramatically improving security. Of course, there's a pretty significant problem with per CPU licensing... this will probably give even more of an advantage to open source platforms in the datacenter environment. M$ and Oracle may need to give up per CPU licenses and move back to "Power Units"- licenses based on the number of clock cycles / second devoted to the application.
Tim Howland on January 18, 2006 10:56 AM
sounds like z/OS (nee: OS/370)
Buggy Fun Bunny on January 18, 2006 12:32 PM
If you have one legit copy of Windows XP, can you install (and register) the OS on as many VM's as you want?
Not sure. As a pure guess, I'd say as long as the single machine has an OS license, you can run as many VMs as you want on that machine using that same OS.
Do you just install a new OS on one VM, and then make a copy of that virgin VM every time you install new software?
That's how I do it (simple file copy), but there's a fancier way to do it using difference images that VMWare supports. However, these images can become fragile if the base image changes.
Any opinion on what VM software is the fastest? In my experience with Virtual PC, it's pretty slow.
Here are some benchmark links.
http://www.osnews.com/story.php?news_id=1054
http://arstechnica.com/reviews/apps/vm.ars/4
I don't have a dual core chip (yet), but I would think that a DC would really speed up the VM, because you could assign the VM to the other processor.
Definitely. And quad cores will be even better.
I think I would have opted to put up with the speed difference...
This is why VMs need super fast hardware. The upcoming CPU hardware support for virtualization (vanderpool, pacifica) will speed this up tremendously-- like 2x, 3x faster. Probably to the point that using a VM is just marginally slower than using the host.
Jeff Atwood on January 18, 2006 12:56 PM
One thought about this... virtualization software is extremely picky about what hardware is supported. While this might change it will be quite the feat to ensure that joe-bob's joystick for flight simulators is gonna work or billy's scanner is going to work. USB is even "extreme" in the VM world, ESX server is awfully picky about what it supports.
Nick on January 19, 2006 1:48 AM
But the solipsist operating system is surely coming:
You mean ESX server? Runs on the hardware, provides support for virtual machines (and only virtual machines). I suspect you could write something interesting using their scripting environment, but I'm not sure why you'd bother.
Moz on January 19, 2006 11:02 AM
"Not sure. As a pure guess, I'd say as long as the single machine has an OS license, you can run as many VMs as you want on that machine using that same OS."
Although the MSVPs insist you need a license for each machine, I rang MS Product support and asked and was told I could have a total of 4 instances IIRC.
However, the scenario I quoted was VirtualPC, Windows XP Pro running at home. It may be different if you are not using Virtual PC or (most likely) you are a corporate user.
In other words, call them and ask. Don't listen to anyone, including me.
Paul Coddington on January 19, 2006 12:20 PM
"Although the MSVPs insist you need a license for each machine, I rang MS Product support and asked and was told I could have a total of 4 instances IIRC."
Assuming you mean MS MVPs then yeah - rightly or wrongly we're only passing on what Microsoft have told *us*.
Answers on the subject from Microsoft employees in their newsgroups are quite google-able, incidentally.
There is an interesting wrinkle with the volume licenced versions of Windows OS and virtualisation which makes things a bit easier. Also google-able - as I can't remember the *exact* details and don't want to misspeak.
Robert Moir on January 25, 2006 8:51 AM
Hi Jeff,
Your article inspired me to write up a post on my experiments so far with virtualization:
http://macrolinz.com/macrolinz/index.php/2006/02/07/better-living-through-virtual-machines/
I'd love it if you'd take a look and leave some advice if you have it. Some of the issues I have run into are related to your "software will run in its own VM" idea. Ultimately I agree with you, though I still think it will be a while (read: a couple of years, maybe) until what you propose is a viable option. Cool article though and I share your enthusiasm for making the OS irrelevant.
Lindsay on February 7, 2006 6:28 AM
I wonder who the major vm provider is going to be for the future since we now have vmware, parallels, bochs, QEMM, and a few others to choose from. It creates the issue of compatibility between images for those virtual machines which has always been the problem with compatibility between operating systems for file types and processor differences. Solving the old problem, only to create it a new way?
James Wasil on September 19, 2007 7:08 AM
Just some comments on your "all software will eventually be distributed as virtual machine images" points:
It's the ultimate security sandbox
I think putting everything through a VM might be overkill in this case. In your example you talk about IE and how its security holes broke the OS. I think an easier solution (in terms of using existing hardware / software) would be to fix the OS so userland applications don't run as root, or some kind of OS which makes sure applications can't access the OS.
The operating system doesn't matter
Java rings a bell here :)
So instead of having a host OS which has all applications downloaded as VMs, you can instead have an OS which is based on a *NIX operating system which only runs Java apps :)
-jklp
P.s. love the blog, keep up the good work :)
Hi Jeff,
Just happened to read ur blog. You have presented some great arguments and insights towards the future of VMs. I am myself an implementor of VMs - as a student I created VMs from my own specifications for my own hypothetical machine with its own byte-code language and machine architecture.
Nowadays I am into writing an object oriented VM, much like the JVM and CLR, and something of an Intel emulator; I was considering the possible benefits of a VM environment - how CORBA and XML standards can be integrated into it, how virtualizations can alleviate, if not eliminate security threats, etc.
I hope that future microprocessors will lead to faster and safer execution of VM based applications.
Sondhi Chakraborty on February 10, 2008 5:29 AM
…QEMM…
Quarterdeck Extended Memory Manager!? :)
A couple of years have passed since the article and virtualization was last year's hot-topic buzzword and will be even hotter and buzzier this year. Every issue of every trade paper I read has articles on virtualization and consolidation.
This article was more of a security/sandbox scenario, but enterprises are now moving toward virtualization to consolidate servers. Instead of having five servers running at 10% capacity, stick them all on the same physical box and you save on hardware, energy, and cooling. It is not only cheaper and easier to run and maintain, but it is greener too. At least that’s the goal now.
Of course virtual machines still have other (original?) uses as well, like sandboxing for security vendors to test and running old OSes so that gamers can play classic DOS games. :)
As for the questions about licensing, check the EULA. Many have updated to account for VMs, and even before virtualization became prominent, EULAs often specified what they consider to be a computer; usually they will say something like “per CPU” or these days even “per core”.
Oh, and I can’t for the life of me find it right now, but I do remember reading in 2006 or 2007 about a proof-of-concept virus that is able to not only detect that it is running in a VM, but to escape/break out and infect the host. There are already plenty of places where you can find code to detect whether it is running in a VM, debugger, etc.
It is just a matter of time until VMs become bigger targets, especially as more businesses deploy them. In fact, just this afternoon I read an article about how VMware is teaming up with McAfee et al. to create the VMsafe API to facilitate securing VMs, and yesterday another article about the need for admins to treat VMs as they do physical machines and install security software, policies, etc. on them.
Alec Soroudi on April 2, 2008 4:21 AM
Chris Nahr has a good point - it's easy to get careless with your VM's and forget to patch them like you would a "real" machine. An unpatched but network connected machine on a corporate network can let worms in, and it doesn't help that it's virtual.
Jon Galloway on February 6, 2010 9:47 PM