On 24 November 2010 01:12, Brad Tilley <b...@16systems.com> wrote: > carlopmart wrote: > >> Advantages are very clear for me: provisioning, administration tasks, >> etc ... But I will to know disadvantages. What is your opinion from the >> point of view of security? > > I use virtualization for many things (mainly for the productivity > advantages that you list), but it has always bothered me because > virtualization is pretending. > > In Java, for example, the VM pretends about a lot of things that are not > true in the physical world. This makes it easy and convenient for > programmers. The problem is that they come to believe that the pretend > things are real and then make assumptions (when dealing with physical > machines) that are incorrect.
Yes, the virtualization of the programmable interval timer is one example where pretending makes for some crazy situations. Only a few nights ago, I patched a Debian ESXi 4.1 VM and when it rebooted it would not boot, stating that the PIT was not functioning. Time keeping is weird in x86 virtualization. I've seen Windows ESX VM's with time that not only stops and then suddenly jumps forwards, but even goes back! Seen the madness of a virtualized NTP server? VMware have a Timekeeping whitepaper that is sugar coated to say the least. All anyone need do is watch the advisories for VMware to soon realise that the choice is a trade off, where the drawbacks (security and weirdness) are as big as the benefits. And again, I say look at the Google research that found all implementations vulnerable. If security matters less than the cost of dedicated hardware, then use it. Shane
