That monstrous clang you heard on August 12 was the sound of VMware shuffling off its armour of invincibility. The darling of the virtualization market left some stray code in an update, which convinced hypervisors their licences had expired. The results, for the few IT outfits that keep scrupulously up-to-date on these matters, were predictably chaotic.
VMware’s track record had been solid until that date. But all code fails at some point — a flawed upgrade or security patch makes it through QA, an OS upgrade makes it all go wonky. So it’s no surprise gremlins caught up to ESXi. (Appropos nothing, I note it’s a single transposition away from SEXi.)
There are two things, though, that are significant.
First: The hypervisor abstracts the operating system and applications from the hardware. If that layer of abstraction seizes, all those OS instances and applications are disabled.
We’re not just worried about a flaw in the code, which VMware patched in a New York minute. This also means that a malware writer who can reach the hypervisor can reach any application on any operating system. To my knowledge, we haven’t seen that yet. What do you think the odds are we will, and soon?
Which brings us to Point B. We’ve had years and years of Microsoft vulnerabilities, not simply because the products themselves are weak (argue amongst yourselves) but because the massive footprint in the marketplace makes Microsoft an attractive target to hack. Abstracting the OS from the processor makes the hypervisor attractive in the same way — if you can get at the hypervisor, you can get at anything, because everything has to go through the hypervisor. Not a monoculture in the classic Microsoft Windows/Office/Exchange sense, but certainly an attractive single point of access. This may — and should — make those who’d virtualize everything a little warier.