Three Failings of Virtual Appliances

by Bob Plankers on March 12, 2012 · 4 comments

in System Administration, Virtualization

I’m torn when it comes to virtual appliances. I love them because they make a lot of installations absolutely brainless. I hate them because the people who create them make assumptions that are ridiculous and unsupportable. Here are the three ways I hate them the most:

1. There’s no good way to back them up.

For organizations that haven’t gone the “whole VM” backup route there are very limited choices for backing these things up. Sometimes the virtual appliance has some method to export the configurations and data, but often not. And when there is a method it’s usually a web interface that cannot be automated.

What I want: virtual appliances should be able to export their configuration and data on an automated, scheduled basis, to a Windows share and via SCP. Since nearly all virtual appliances are Linux-based this shouldn’t be a big deal, since Samba is readily available, and SCP is a staple of OpenSSH. Both options would be nice, but if you have to pick one, pick the Windows share, since even Linux folks can run Samba, and it’s probably easier to script on the appliance side (you can write directly to it, unlike SCP where you would have to have a temporary holding spot). Scheduling isn’t an issue, either, since Linux has cron & at.
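As an added illustration (not code from the original post or from any appliance vendor), here is a sketch of the export job described above, showing the direct write to a mounted share next to the SCP path that needs a temporary holding spot. The paths, archive name and cron schedule are hypothetical.

```shell
#!/bin/sh
# Added example: scheduled export of appliance configuration and data.
# All paths, names and the schedule below are hypothetical placeholders.

# export_config SRC_DIR DEST
#   DEST is a local directory (e.g. a mounted Windows share) or an scp
#   target of the form user@host:/path. Prints the archive name on success.
export_config() {
    src=$1
    dest=$2
    name="appliance-$(uname -n)-$(date +%Y%m%d-%H%M%S).tar.gz"
    umask 077   # the archive may hold credentials; keep it private

    case $dest in
        *@*:*)
            # SCP: the archive must be staged on the appliance first
            stage=$(mktemp -d) || return 1
            tar -czf "$stage/$name" -C "$src" . &&
                scp -q -B "$stage/$name" "$dest/"
            rc=$?
            rm -rf "$stage"          # never leave the staged copy behind
            [ "$rc" -eq 0 ] || return "$rc"
            ;;
        *)
            # Mounted share: write directly, then rename so a partial
            # archive is never mistaken for a complete backup
            [ -d "$dest" ] || { echo "share not mounted: $dest" >&2; return 1; }
            tar -czf "$dest/.$name.part" -C "$src" . &&
                mv "$dest/.$name.part" "$dest/$name" || return 1
            ;;
    esac
    echo "$name"
}

# Example crontab entry (nightly at 02:15), assuming a wrapper script at
# this hypothetical path calls export_config with the appliance's paths:
#   15 2 * * * /usr/local/sbin/export-config.sh
```

The SCP branch uses batch mode (`-B`), so it depends on key-based authentication already being set up for the backup account.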

2. They want to DHCP.

My data center doesn’t use DHCP. Many places don’t. A VM that assumes it will be able to DHCP is a giant pain. Some do it right and allow you to configure a static IP after the boot process has completed, via the command line or console. Some do it poorly and only permit you to change the IP from a web interface. How exactly do I get to the web interface if the VM doesn’t have an IP? I end up having to run a DHCP server on an internal dvSwitch portgroup just to configure the VM.

What I want: virtual appliances should always allow people to easily configure static networking addresses from the console, for both IPv4 and IPv6. And the IPv6 stack should not be enabled unless it’s specifically configured by a user, either for autoconfiguration or static configurations. It also needs to allow full control of the classic settings, like gateway, address, etc.

3. They are seething pits of evil, security-wise.

Let’s just face it, virtual appliances never get patched. They’re giant security holes, and I’ve had a few of them get hacked when they’ve been on a public-facing network, using vulnerabilities that were patched six years prior. You can’t firewall them to protect them, either, because the holes are in the applications (which you have to grant access to). Updates are never released in a timely fashion, and there’s usually no working way to update the virtual appliance. So, in my opinion, as of this writing, you cannot use any virtual appliances in any public-facing manner.

What I want: virtual appliances should be updated no less than quarterly so they contain the latest patches. People who create virtual appliances should use the latest patch levels, and scan their products prior to release with Nessus in order to check for vulnerabilities. It would be nice if you allowed end users to update the appliance, after allowing them to export the configurations & data (see complaint #1 above). Full host-based firewalls should be enabled on all virtual appliances, for IPv4 and IPv6, for ingress and egress traffic, and nothing should be permitted in or out unless it’s absolutely necessary. Last, an appliance should have no software installed on it that isn’t 100% necessary for the function of the appliance, or support. Not wasting my disk space is just polite, plus the less software you install the less of a security profile I have to worry about.
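As an added illustration (not code from the original post), here is a check an administrator could run on a Linux appliance to see whether its host firewall is default-deny for both ingress and egress, on IPv4 and IPv6. It assumes the appliance uses iptables; the sample ruleset is constructed for the example.

```shell
#!/bin/sh
# Added example: flag filter-table chains that are not default-deny.
# Reads iptables-save / ip6tables-save output on stdin and prints one
# CHAIN=POLICY line per built-in chain whose policy is not DROP, or
# CHAIN=missing when the filter table has no such chain loaded.
permissive_chains() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        table == "filter" && /^:(INPUT|OUTPUT|FORWARD) / {
            chain = substr($1, 2)
            seen[chain] = 1
            if ($2 != "DROP") print chain "=" $2
        }
        END {
            n = split("INPUT FORWARD OUTPUT", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i] "=missing"
        }'
}

# Run against the live rulesets (needs root). A missing ip6tables-save
# or an empty ruleset is reported too, since that means no filtering.
audit_firewall() {
    rc=0
    for cmd in iptables-save ip6tables-save; do
        bad=$("$cmd" 2>/dev/null | permissive_chains)
        if [ -n "$bad" ]; then
            echo "$cmd:" $bad
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: ingress is default-deny, egress is wide open.
constructed_sample() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:APP-IN - [0:0]
-A INPUT -p tcp --dport 443 -j APP-IN
COMMIT
EOF
}
```

The check is conservative: a ruleset that leaves the policy at ACCEPT but ends each chain with an explicit drop rule will still be flagged and needs a manual look.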

So, in short, if you’re a virtual appliance creator I wish you’d get it together! I’d love to see many products shipped as appliances, but I cannot run them until you fix some of these operational issues.


How To Boot Into The Apple Boot Camp Menu

by Bob Plankers on March 8, 2012 · 2 comments

in How To, Outright Rant

One of my goals for this blog is to make things that are difficult to find on the Internet less difficult to find, and one of those things is the key to hold in order to boot into the Apple Boot Camp menu at system startup. Finding that information once a year when I need it is always a many-step process, because the Apple documentation is wordy and doesn’t just come out and say:

Hold the Option key down.

Or Alt if it’s a PC keyboard.

There’s the Boot Camp control panel, too, but obviously you did not, or could not, use it, which is why you were searching for the keystroke combination instead. Hopefully you didn’t have to endure too many answers to questions you didn’t ask before you found this.

Thank you for indulging me. Good day & good luck.

AIX 6.1 & 7.1 Daylight Savings Time Issue

by Bob Plankers on March 7, 2012 in System Administration

If you’re running IBM AIX 6.1 or 7.1 at various SP & TL levels you might want to pay attention to a potentially big timezone/DST issue that my AIX coworkers have been struggling with this week. In short, the Daylight Savings Time code doesn’t work right and causes the time to change at incorrect times. [...]


Dell PowerEdge 12G Is Here

by Bob Plankers on March 6, 2012 in Hardware

Over the last week there have been a number of different posts about the new Dell PowerEdge models, the 12th generation (12G) of their server line. I was briefed both by Dell technical staff and by Dell executive staff on the Rx20 lineup and I took a few notes. I was mainly briefed about the Dell [...]


Is it possible to have too much monitoring?

by Bob Plankers on March 5, 2012 in System Administration

In the category of shameless self-promotion[0] I’m one of the SolarWinds thwack Ambassadors for the month of March, and I’ve posted my first discussion topic, asking whether it’s possible to ever have too much monitoring. If you’re not familiar with thwack, it’s the SolarWinds community site, and it’s great. I’ve been in orbit around SolarWinds since [...]

Take A Break

by Bob Plankers on February 28, 2012 in System Administration

I recently returned from a two-week trip to New Orleans, for rest & relaxation. And it reconfirmed for me my suspicions that sometimes the best thing I can do, from a process & procedure standpoint, is to leave for a while. Banks usually have a mandatory absence policy as part of their internal controls. [...]

The Realities of Single Panes of Glass

by Bob Plankers on February 23, 2012 in System Administration

The folks at Virtualization Tech Field Day 2 were tweeting about single panes of glass (I think they were playing buzzword bingo) and reminded me of my feelings on the topic. I’ve never thought a single pane of glass was all that special, or necessary. Once upon a time, when I was the IT guy for [...]

5 Minutes with vCenter Operations Manager 5

by Bob Plankers on January 25, 2012 in Virtualization

I installed the new vCenter Operations Manager 5 about an hour ago. Whoa. I had the pleasure of meeting Kit Colbert, Praveen Kannan, and Martin Klaus last April when they were in town, and I know they, and the rest of the team, have been doing a lot of work on the product. It really [...]
