Categories
Sponsors
Archive
Blogroll Badges
Community
|
Posted in Virtual Machine Manager | No Comment | 6,745 views | 23/01/2011 12:19
I did a deep research on “Install Virtual Guest Services” feature in SCVMM. You can reach Part 1 from this link: I made a few more tests with Install Virtual Guest Services feature. I took a few snapshots during the installation. VMMGuestAgent.exe has no command line help options but as you see, it works with some parameters.
VIRIDIAN is the codename of Microsoft Virtualization. It seems, VMMGuestAgent.exe is like really old command line tool from SCVMM RC release. HVIC3 is like Hardware Integration Components 3.. Actually I don’t know what it means, I just guess. Looks like, SCVMM uses BITS technology to put an exe file into VHD file of Virtual Machine. Let’s see its dependencies: I removed all security permissions from VMMGuestAgent.exe for test. I clicked “Install Virtual Guest Services” again and result: As you see, it gived permission error. Then I gave Administrator permissions to VMMGuestAgent.exe for another test. After same operations, result is same: So it’s clear that SCVMM does not act like Administrator. It does not have any Administrator privilege in VM. It simply uses Local System Account. So I removed VMMGuestAgent.exe and stopped RPC service. After I disable service, SCVMM gaved another error. So It seems somehow SCVMM uses RPC. But there was no ethernet card on VM. I have so many question about that. I hope someone from Microsoft can reply my questions.
Posted in Hayattan | 1 Comment | 6,241 views | 14/01/2011 21:12
2 years ago, I started blogging. Now I’m really happy to go in 3rd years. Two years past with (*Google Analytics): 457 Posts
165 Comments 59,911 Absolute Unique Visitors 75,866 Visits 128,801 Pageviews My first post was about 24 (TV Series) and posted 14.01.2009. You can see that post from this link (in Turkish): I hope everything goes well in this year and I can share with you..
Posted in Virtual Machine Manager | 4 Comments | 174,165 views | 14/01/2011 13:42
I research a feature called “Install Virtual Guest Services” in SCVMM. We know, Hyper-V virtual machines are completely isolated from Parent partition. But a few days ago, Benjamin posted an article about data exchange between Parent Node and Virtual Machines. You can reach that post from this link: What Physical Computer am I on? After this post, I tried to figure out how really works this process. So I figured out, Hyper-V Data Exchange service is responsible about Registry changes. That means, you can send information or fetch information directly from virtual machine without any authentication. Because Data Exchange services runs as Local Service and has rights to write on specific area of registry as Taylor’s post. Please check this link too: Hyper-V Data Exchange Service I asked a question on Benjamin’s blog about this situation and he answered: We do not see this as a security risk. We have always designed our system with the assumption that the bad guy in a VM would be able to figure out that they were in a VM – and then ensure that there is nothing that they could do with that information. In this case – the only real risk is that a bad guy could try to launch a network based attack against the host (in which case – being in a VM gives them no advantage when compared to being a seperate physical computer)
If this is a concern to you – there are two options you could take: 1) Configure the virtual machines so that they cannot attempt to connect to the host over the network. To do this configure an “external only” network that connects to a different physical network than the one the host is connected to. 2) Disable the data-exchange integration services under the virtual machine settings (which will stop this information from being sent in the first place). and yes, this is the same “Microsoft” who requires certificate authentication between SCOM servers and clients because of security concerns. So getting information from internal clients via SCOM is not secure and that’s why you have to use certificate between servers, but getting or sending information between Hyper-V Parent Node and Virtual machines is not a security risk? Strange.. So I know a feature in SCVMM called “Install Virtual Guest Services”. If you click “Install Virtual Guest Services” for a virtual machine, process goes with these steps: 1. step: it attachs vmguest.iso to virtual machine.
2. step: reboot virtual machine with that iso. 3. step: after starting Windows, it executes vmguest.iso and installs it automatically. (without any authentication) Yes, without authentication. Is that means you can execute a script or maybe exe, without any authentication, inside a virtual machine? If it is true, how? I made a test to figure out situation. Results are really unexpected. You can install virtual guest services with clicking “Install Virtual Guest Services” feature in SCVMM. To do that, just create a new virtual machine with blank disk template and install a Windows Server. Then turn off the virtual machine and click the “Install Virtual Guest Services”. So let’s see what happens really when you click “Install Virtual Guest Services”. As a first step, it starts virtual machine: Then installs Virtual Guest Services and shut downs virtual machine: Now process is completed: Now I’ll show you what really happens inside the virtual machine. I installed a Windows Server 2008 SP2. After installation, mouse integration is not available. So I did shut down the virtual machine. Clicked “Install Virtual Guest Services” from SCVMM. I went to Hyper-V console to watch what really happens and I saw this: SCVMM calls a service inside VM and you only see “Interactive Services Dialog..” I don’t know what really it is, but it’s something to execute scripts. I tried to find out what services really do that. Update 1: I captured detailed screens of “Interactive Services Dialog Detection”. If you click “Show me the message”, you see installation of integration components: So I disabled all Hyper-V services inside the Virtual Machine. Also I disabled Hyper-V offers. I checked SCVMM and it sees “no service offering” too. Then I did same thing and clicked “Install Virtual Guest Services” via SCVMM. But nothing changed. Without any integration services and without any Hyper-V offers, SCVMM successfully updated my Virtual Machine! Also strange thing is SCVMM can watch all steps. If somehow process does not go well, SCVMM can see that and gives you warning. After finish of process, SCVMM shows you a process report. For example, I installed Windows Server 2003 R2 and clicked “Install Virtual Guest Services”. SURPRISE! SCVMM gave error because you can’t install integration services on Windows Server 2003 R2. You need at least Windows Server 2003 R2 SP2 to install Hyper-V integration services. So what happened? SCVMM tried to install integration services but Windows gave “You need newer version of Windows to install” and SCVMM got that error and finished the update process. That means SCVMM can really detects failed process inside the virtual machine without any authentication. But how? Update 2: I found some traces of process. What is the C:\VMMGuestAgent.exe and where did it come from? I checked after installation but there is no file called “VMMGuestAgent” in C drive. Also a message to SCVMM team. There is a typo error in message. “The server must be rebooted by SCVMM to intall virtualization components.” You should change that as “install” :) By the way, there is no information about “VMMGuestAgent.exe” on Technet, or even Google! :) So far I have two questions: 1) How really “Install Virtual Guest Services” works? I hope someone can answer my questions. I think that’s really strange situation.
Posted in Linux Server, Virtual Machine Manager | No Comment | 7,081 views | 11/01/2011 13:59
You can use CentOS on Hyper-V with 4 vCPU. !!! PS: EXPERIMENTAL – Just Use This Kernel Source for Test Purposes !!! 1) Install a clean CentOS 5.5 x64 without logical volume 2) Use commands below to update your virtual machine:
Check the content below. Remove the bold duplicate lines and save it. echo “Loading dm-log.ko module”
insmod /lib/dm-log.ko echo “Loading dm-region-hash.ko module” insmod /lib/dm-region-hash.ko echo “Loading dm-region-hash.ko module” insmod /lib/dm-region-hash.ko echo Waiting for driver initialization. stabilized –hash –interval 1000 /proc/scsi/scsi Continue with commands below.
After turned off your virtual machine, go to settings and remove Legacy Network Ethernet.
Now add Synthetic Network Ethernet and 4 CPU. Power on virtual machine.
Posted in Linux Server, Virtual Machine Manager | 1 Comment | 10,651 views | 10/01/2011 11:48
Actually you can use Centos with Hyper-V Linux Integration Components. But if you upgrade your kernel, you should re-apply LIC again. So you can try applying new kernel with pre-compiled Hyper-V drivers. But as you know, if you apply custom kernels on Centos, your Centos will be no longer supported. So apply this with your own risk.
In the menuconfig, you should be careful about 3 things. If not, your new kernel may give kernel panic. 1) First, always enable this feature to eliminate boot failures. General Setup -> Enable deprecated sysfs features to support old userspace too
2) Disable paravirtualized guest support to build rpm. Processor type and features -> Paravirtualized guest support
3) Disable Virtualization feature. Virtualization
Also you can append a version for Hyper-V. General setup -> Local Version – append to kernel release
You can exit from menuconfig by saving the config. After that do:
And append the following lines:
After the changes, you can go with making RPM:
You can find your RPMs in /usr/src/redhat directory.
Posted in Linux Server, Virtual Machine Manager | 13 Comments | 27,142 views | 07/01/2011 23:29
I created a new kernel image for Debian x86 (32 bit). If you have to use 32bit OS for your application needs, you can use this deb packages to upgrade your kernel. Also you will have integrated shutdown feature. 1) Install a clean Debian 5.0.6 2) Do following:
That’s it. Reboot your server with new kernel.
Posted in Linux Server, Virtual Machine Manager | 24 Comments | 45,791 views | 07/01/2011 16:51
If you have a kernel image for your Linux virtual machine, it’s easy to upgrade your kernel for Hyper-V support. 1) Install a clean Debian virtual machine (Use emulated Ethernet card and 1 vCpu) 2) Use commands below to update your virtual machine:
At menuconfig, go to: Device Drivers -> Stagging Drivers Now choose Microsoft Hyper-V Client Drivers After that you can enter to exit with saving changes. Use commands below to continue:
After this process, you will find your two .deb files in /usr/src directory. Possible problems: 1) You may get this error when you try to compile kernel.
Please check this page to fix this issue: 2) You may get this error when you try to compile kernel.
Please check this page to fix this issue: If you get different problems, please report to me. |