Search Results

Search found 17990 results on 720 pages for 'virtualization option'.

Page 9/720 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • Security Access Control With Solaris Virtualization

    - by Thierry Manfe-Oracle
    Numerous Solaris customers consolidate multiple applications or servers on a single platform. The resulting configuration consists of many environments hosted on a single infrastructure and security constraints sometimes exist between these environments. Recently, a customer consolidated many virtual machines belonging to both their Intranet and Extranet on a pair of SPARC Solaris servers interconnected through Infiniband. Virtual Machines were mapped to Solaris Zones and one security constraint was to prevent SSH connections between the Intranet and the Extranet. This case study gives us the opportunity to understand how the Oracle Solaris Network Virtualization Technology —a.k.a. Project Crossbow— can be used to control outbound traffic from Solaris Zones. Solaris Zones from both the Intranet and Extranet use an Infiniband network to access a ZFS Storage Appliance that exports NFS shares. Solaris global zones on both SPARC servers mount iSCSI LU exported by the Storage Appliance.  Non-global zones are installed on these iSCSI LU. With no security hardening, if an Extranet zone gets compromised, the attacker could try to use the Storage Appliance as a gateway to the Intranet zones, or even worse, to the global zones as all the zones are reachable from this node. One solution consists in using Solaris Network Virtualization Technology to stop outbound SSH traffic from the Solaris Zones. The virtualized network stack provides per-network link flows. A flow classifies network traffic on a specific link. As an example, on the network link used by a Solaris Zone to connect to the Infiniband, a flow can be created for TCP traffic on port 22, thereby a flow for the ssh traffic. A bandwidth can be specified for that flow and, if set to zero, the traffic is blocked. Last but not least, flows are created from the global zone, which means that even with root privileges in a Solaris zone an attacker cannot disable or delete a flow. With the flow approach, the outbound traffic of a Solaris zone is controlled from outside the zone. Schema 1 describes the new network setting once the security has been put in place. Here are the instructions to create a Crossbow flow as used in Schema 1 : (GZ)# zoneadm -z zonename halt ...halts the Solaris Zone. (GZ)# flowadm add-flow -l iblink -a transport=TCP,remote_port=22 -p maxbw=0 sshFilter  ...creates a flow on the IB partition "iblink" used by the zone to connect to the Infiniband.  This IB partition can be identified by intersecting the output of the commands 'zonecfg -z zonename info net' and 'dladm show-part'.  The flow is created on port 22, for the TCP traffic with a zero maximum bandwidth.  The name given to the flow is "sshFilter". (GZ)# zoneadm -z zonename boot  ...restarts the Solaris zone now that the flow is in place.Solaris Zones and Solaris Network Virtualization enable SSH access control on Infiniband (and on Ethernet) without the extra cost of a firewall. With this approach, no change is required on the Infiniband switch. All the security enforcements are put in place at the Solaris level, minimizing the impact on the overall infrastructure. The Crossbow flows come in addition to many other security controls available with Oracle Solaris such as IPFilter and Role Based Access Control, and that can be used to tackle security challenges.

    Read the article

  • LSI 9211-8i won't boot in KVM

    - by Paul McMillan
    I'm running ubuntu 11.04 with an LSI 9211-8i in IT mode with the latest firmware (10). I'm using KVM with VT-d enabled to pass the entire PCIe device through to the guest OS. I have the device disabled in the system BIOS. When I boot my virtual machine, the adapter quits during bios initialization with the following error: Unable to load LSI Corporation MPT BIOS MPT BIOS Fault 0Ch encountered at adapter PCI(00h,04h,00h) Press any key to continue... I know the virtualization is correctly enabled. I've blacklisted the kernel modules in the host OS. Has anyone else encountered this error? I'm about out of ideas here. Edit: I contacted LSI tech support about this, and they suggested that I try RedHat and Xen. Apparently they don't test or support anything else.

    Read the article

  • NFS and KVM. Slow Speed

    - by Javier Martinez
    I have a KVM virtualization in Debian with 2 guests (Debian and Windows 2008). I want to have a 'mount point' shared that can be accessed by the 3 system (host and 2 guests) at the same time. So the only thing that I found was a NFS/SMB network storage. I picked NFS Due to my Ethernet network (10/100), the speed average that I get between accessing/transfering files between the 3 system is always 8~10MB/s. The point is if is there any chance of get a boost system for sharing files between 3 system (at the same time) without wasting the speed of my SATA disks. I mean, without the Ethernet limitation of 10 MB/s

    Read the article

  • KVM/Qemu Guest Shutdown problems

    - by Gaia
    on both host and guest running CentOS 6.3 with KVM/Qemu virtualization, I have the following scenarios: "virsh shutdown kvm1" did not shutdown at all. virsh lists guest as running. "service libvirt-guests stop" did not shutdown in 280 seconds (shutdown_timeout=300. on_shutdown=shutdown) "shutdown now" from within guest, guest becomes unreachable. virsh lists guest as running, though it could not connect to it. "shutdown -h now" from within guest works. "shutdown -r now" from within guest works. Libvirt logs show nothing for the first 3 scenarios. I can pause the guest fine. Bottom line, I cannot shutdown from outside the guest. What do I check to figure out what is going on?

    Read the article

  • Why use FQDN as DNS-server option in DHCP?

    - by Filip Haglund
    I've seen multiple default configurations of DHCP-servers with a FQDN set as the DNS-server option. Doesn't this imply a catch-22, or the need for that DNS-server to be in the hosts file of every single client? example from dhcp3-server in debian 6: option domain-name-servers ns1.internal.example.org; I can see how using a dns name is convenient because it's only an A-record to change, and they can be load balanced if wanted, but I don't see how the client is going to resolve the name. Why are people using FQDN's as DNS-server addresses in DHCP?

    Read the article

  • Does the Acer Ferrari One support hardware assisted virtualization?

    - by cmeerw
    Does anyone know if the Acer Ferrari One supports hardware assisted virtualization (it should easy to find out by running Microsoft's Hardware-Assisted Virtualization Detection Tool on that machine). There is lot's of speculation around the web, but I haven't found a definitive answer yet (and would like to confirm that this feature will be working before buying one).

    Read the article

  • DOAG 2012 and Educause 2012

    - by Chris Kawalek
    Oracle understands the value of desktop virtualization and how customers have really embraced it as a top tier method to deliver access to applications and data. Just as supporting operating systems other than Windows in the enterprise desktop space started to become necessary perhaps 5-7 years ago, supporting desktop virtualization with VDI, application virtualization, thin clients, and tablet access is becoming necessary today in 2012. Any application strategy needs to have a secure mobile component, and a solution that gives you a holistic strategy across both mobile and fixed-asset (i.e., desktop PCs) devices is crucial to success. This means it's probably useful to learn about desktop virtualization, even if it's not in your typical area of responsibility. A good way to do that is at one of the many trade shows where we exhibit. Here are two examples:  DOAG 2012 Conference + Exhibition The DOAG Conference is fast approaching, starting November 20th in Nuremberg, Germany. If you've been reading this blog for a while, you might remember that we attended last year as well. This conference is fantastic for us because we get to speak directly to users of Oracle products. In many cases, those DBAs, IT managers, and other infrastructure folks are looking for ways to deal with the burgeoning BYOD model, as well as ways of streamlining their standard desktop and access technologies. We have a couple of sessions where you can learn a great deal about how Oracle can help with these points. Session Schedule (look under "Infrastruktur & Hardware") The two sessions focused on desktop virtualization are: Oracle VDI Best Practice unter Linux (Oracle VDI Best Practice Under Linux) Virtual Desktop Infrastructure Implementierungen und Praxiserfahrungen (Virtual Desktop Infrastructures Implementations and Best Practices) We will also have experts on hand at the booth to answer your questions on using desktop virtualization. If you're at the show, please stop by and say hello to our team there! Educause 2012  Another good example is Educause. We've gone the last few years to show off a slough of education oriented applications and capabilities in the Oracle product portfolio. And every year, we display those applications through Oracle desktop virtualization. This means the demonstration can easily be setup ahead of time and replicated out to however many "demo pods" that we have available. There's no need for our product teams to setup individual laptops for demos -- we can display a standardized Windows desktop virtual machine with their apps all ready to go on a whole bunch of devices like your standard trade show laptop, our Sun Ray Clients, and iPad. Educause 2012 just wrapped, so we're sorry we missed you this year. But there is always next year! Until then, here are a few pictures from this year's show: You can also watch this video to see how Catholic Education Australia uses Oracle Secure Global Desktop to help cope with the ever changing ways that people access their applications.  -Chris 

    Read the article

  • AMD Fusion GPU passthrough to KVM or Xen

    - by BigChief
    Has anyone successfully gotten a passthrough working with the GPU portion of AMD's Fusion APUs (the E-350 is my target) on top of a Linux hypervisor? IE, I want to dedicate the GPU to one VM only, excluding all other VMs as well as the host. I know PCI passthrough can work with patches / kernel rebuilds for Xen and KVM. However, since the GPU is on the same chip, I don't know if the host OS will see it as PCI. I know there are a number of tangential issues here, such as: Poor Fusion drivers in Linux at the moment Unsuccessful patching efforts seem common VT-d / IOMMU is required and (from my reading) is supported on the APU, but the motherboard may not offer it KVM doesn't appear to support primary graphics cards, only secondary graphics cards (described here) However, I'd like to hear from anyone who has messed with this, even failed attempts. Fedora + KVM is my preferred virtualization platform but I'm willing to change that if it makes a difference. EDIT: The goal is to do this for a Windows 7 guest (I know it's asking a lot). Regardless, just assume this is HVM, not PV.

    Read the article

  • How to place a virtual machine in DMZ?

    - by Giordano
    I have an Ubuntu 12.04 server running few virtual machines with KVM. I would like to expose some of these virtual machines on the internet, to make it possible for customers to test the products we're developing and make available other products for demo purposes. One of the server NICs is configured with a public IP. However before exposing anything on the web I would like to be sure that if one of the virtual machines get compromised, the attacker doesn't reach the rest of the hosts. What I would like to do is to put these virtual machines into a DMZ. These are the steps I'm planning to do: Create a tap interface in the virtualization host (let's say tap1) Create a bridge using tap1 and give it an IP in a subnet separate from the other hosts. Let's say 10.0.0.1 Attach the DMZ virtual machines to the bridge and configure their IP statically (10.0.0.2, 10.0.0.3, etc...) Using UFW, forbid any traffic from 10.0.0.0/24 to any of the internal hosts, allow the traffic from the internal hosts towards 10.0.0.0/24 and expose the virtual machines on the web using port forwarding. Do you think this setup is safe? Can you suggest any improvement or a better/safer approach? Thanks in advance!

    Read the article

  • by jquery, set to option of html-select element selected atribude by text, not value

    - by loviji
    hello. I have a select element. <select class='cSelectType'> <option value="1">one</option> <option value="2">two</option> <option value="3">three</option> <option value="4">four</option> <option value="5">five</option> </select> i can by jquery set option value selected like this: $('.cSelectType option[value=4]').attr('selected', 'selected'); And select element will show "Four". By i wont something like this: $('.cSelectType option[xxx=Four]').attr('selected', 'selected'); i.e By text set selected attribute. some ideas please.

    Read the article

  • Check DHCP Option content

    - by Nathan Berviller
    Is it possible DHCP client check the contents of an option ? I need provisioning a Linux server with DHCP option 140 (option-140). But the server behaves as if the DHCP did not contain the information. In the file /var/lib/dhcp/dhclient.eth0.leases I do not see advanced DHCP options (option-140, option-141, option-142). How can I manually request the DHCP server to give me the contents of an option (to control the content) ? Bests Regards, Nathan

    Read the article

  • how to iterate through multiple select options with jquery

    - by amir
    I was just wondering if it's possible to go through multiple select options and get their values and text(if one is selected get the value and text, if 2 is selected get both of their values and text and so on) I have 15 select boxes in one page? any help would be appreciated. <form> <select class="select" name="select3" id="select3"> <option value="0">0</option> <option value="1.99">1</option> <option value="1.99">2</option> <option value="1.99">3</option> <option value="1.99">4</option> <option value="1.99">5</option> <option value="1.99">6</option> <option value="1.99">7</option> <option value="1.99">8</option> </select> </form> <form> <select class="select" name="select" id="select"> <option value="0">0</option> <option value="1.99">1</option> <option value="1.99">2</option> <option value="1.99">3</option> <option value="1.99">4</option> <option value="1.99">5</option> <option value="1.99">6</option> <option value="1.99">7</option> <option value="1.99">8</option> </select> </form> all the select options have the same class. thanks

    Read the article

  • Tying down a cloud by virtualizing everything and then locking VMs to real hardware as necessary

    - by tudor
    I'm looking for a cloud software solution that: Can run on both server and desktop machines; Virtualizes hardware and has the option of exposing each real machine to the cloud; Allows a VM to be "locked" to a set of real hardware capabilities and stay there until moved (e.g. a user's "real" desktop); Allows a VM to link to some types of devices elsewhere (e.g. USB/serial via ethernet); and Is geography-aware to control movement of VMs between real networks. I'm aware that this may be the holy grail of virtualization, and I've searched alot. Some solutions appear to meet some criteria but not others. Most cloud implementations appear to ignore real hardware, for example. I realise that this may be solved by using three different implementations in combination: A standard cloud server farm. A bare-metal network backup utility with PXEBoot. VNC and/or VDI. (VNC obviously would require the real hardware to be running.) This combination, however, has some serious drawbacks that I'd like to solve by treating it as one system. My explanation follows... I have a network of real servers and desktops in multiple locations. I've virtualized servers before using Virtualbox and that's worked quite well. I've even connected USB devices to VMs on servers. I would like to virtualize the desktops in all my offices to facilitate movement of desktops, remote access (e.g. VDI) and bare-metal backups. However, I know that there are problems with this. For example, some desktops have specific hardware (e.g. 3D graphics cards, USB devices, etc) that limit their mobility. Geographic constraints also limit movement in that VMs can be moved easily within offices, but transferring between offices is not always preferable. What I would like to find is a system that can virtualize everything from bare-metal easily by maintaining an abstraction layer on each client and server machine that exposes the hardware available and runs as a cloud. Then certain VMs would be "locked" to specific hardware (so that, e.g. the VM runs only on their own desktop.) This would be required for situations where speed is important (e.g. 3D graphics pass-through). In addition, abstracted low-speed devices (e.g. USB) could be piped from real hardware to a VM in the cloud. This is important since if a VM is taken down, another VM can connect to the real hardware for minimum downtime.

    Read the article

  • recommendations for efficient offsite remote backup solution of vm's

    - by senorsmile
    I am looking for recommendations for backing up my current 6 vm's(and soon to grow to up to 20). Currently I am running a two node proxmox cluster(which is a debian base using kvm for virtualization with a custom web front end to administer). I have two nearly identical boxes with amd phenom II x4's and asus motherboards. Each has 4 500 GB sata2 hdd's, 1 for the os and other data for the proxmox install, and 3 using mdadm+drbd+lvm to share the 1.5 TB's of storage between the two machines. I mount lvm images to kvm for all of the virtual machines. I currently have the ability to do live transfer from one machine to the other, typically within seconds(it takes about 2 minutes on the largest vm running win2008 with m$ sql server). I am using proxmox's built-in vzdump utility to take snapshots of the vm's and store those on an external harddrive on the network. I then have jungledisk service (using rackspace) to sync the vzdump folder for remote offsite backup. This is all fine and dandy, but it's not very scalable. For one, the backups themselves can take up to a few hours every night. With jungledisk's block level incremental transfers, the sync only transfers a small portion of the data offsite, but that still takes at least a half an hour. The much better solution would of course be something that allows me to instantly take the difference of two time points (say what was written from 6am to 7am), zip it, then send that difference file to the backup server which would instantly transfer to the remote storage on rackspace. I have looked a little into zfs and it's ability to do send/receive. That coupled with a pipe of the data in bzip or something would seem perfect. However, it seems that implementing a nexenta server with zfs would essentially require at least one or two more dedicated storage servers to serve iSCSI block volumes (via zvol's???) to the proxmox servers. I would prefer to keep the setup as minimal as possible (i.e. NOT having separate storage servers) if at all possible. I have also briefly read about zumastor. It looks like it could also do what I want, but it appears to have halted development in 2008. So, zfs, zumastor or other?

    Read the article

  • Using virtualization infrastructure for J2EE application distribution- viable alternative?

    - by Dan
    Our company builds custom J2EE web solutions. At the moment, we use standard J2EE distribution mechanisms (ear/war archives). Application servers are generally administered by our clients' IT departments and since we do not have complete control over the environment, a lot of entropy can be introduced into the solution. For example: latest app. server patch not applied conflicting third party libraries inside the app. server root server runtime and tuning parameters not configured (for example, number of connections in database pool) We are looking into using virtualization infrastructure for J2EE application distribution. Instead of sending the ear/war archive, we’d send image with application server node and our application preinstalled. Some of the benefits are same as using with using virtualization infrastructure in general, namely better use of hardware resources. For us, it reduces the entropy of hosting infrastructure - distributing VM should be less affected by hosting environment. So far, the downside I see can be in application server licenses, here they will have to use dedicated servers for our solution, but this is generally already done that way. Also, there is a complexity with maintaining virtualization infrastructure, but this is often something IT departments have more experience with than with administering and fine-tuning J2EE solutions. Anyone has experience with this model? What are the downsides? Will we not just replace one type of complexity with other?

    Read the article

  • Any way to access the type of a Scala Option declaration at runtime using reflection?

    - by Graham Lea
    So, I have a Scala class that looks like this: class TestClass { var value: Option[Int] = None } and I'm tackling a problem where I have a String value and I want to coerce it into that Option[Int] at runtime using reflection. To do so, I need to know that the field is an Option and that the type parameter of the Option is Int. What are my options for figuring out that the type of 'value' is Option[Int] at runtime (i.e. using reflection)? I have seen similar problems solved by annotating the field, e.g. @OptionType(Int.class). I'd prefer a solution that didn't require annotations on the reflection target if possible.

    Read the article

  • Storage Virtualization Gets Serious

    Virtually Speaking: A torrent of products are being unleashed to meet the challenges of backing up virtual machines. From cloud storage to golden image management, virtualization technologies for storage are on the move.

    Read the article

  • Study: Security Lags in Datacenter Virtualization Projects

    Datacenter virtualization projects can open up security issues, according to research from Gartner....Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Using the fsc mount option with nfsroot kernel parameter to allow FS-cache

    - by meanderix
    I'm PXE-booting a Ubuntu 10.10 system, where I specify the kernel parameters as follows: append root=/dev/nfs initrd=ubuntu-boot/initrd.img-2.6.35-24-generic nfsroot=11.22.33.44:/data/nfsroot,fsc ip=dhcp rw I need to use the mount option 'fsc' in order to use FS-cache functionality (the cachefilesd package.) However, when I try this I get the following error upon boot: nfsmount: bad option 'fsc' Why doesn't nfsmount permit this option? (It works fine when you mount manually with "mount -o fsc" after booting up.)

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >