ESX 3i was officially announced at VMworld 2007 in September to resounding applause. Analysts immediately began discussing how an embedded hypervisor from the world's leading virtualization vendor would revolutionize data centers across the globe -- virtualization for the masses. To steal from the author of a popular free operating system, I want some of what those people are smoking! The fact of the matter is that ESX 3i, and all embedded hypervisors, are really not that important to the growth or acceptance of virtualization.
This tip reviews my list of reasons why ESX 3i is simply an evolution, not a revolution.
First, let's review the reasons that VMware is touting ESX 3i as the gateway to Virtualization 2.0:
- Security - VMware claims greater security because of the smaller code footprint that 3i has (32 MB) and its lack of a general purpose OS used as a service console.
- Reliability - 3i is being touted as increasing the reliability of hypervisors by not relying on traditional hard disk drives.
- Simplified management - VMware asserts that remote command line interfaces and hardware management via the Common Information Model (CIM) result in simplified management of 3i.
- Plug and play - Just plug 3i in and watch it go! ESX 3i's built-in auto-discovery and configuration feature set is supposed to revolutionize the ability to install a new hypervisor into a data center.
Security and VMware 3i
VMware says that 3i is more secure than VMware ESX 3.x for two reasons:
- 3i has only a 32 MB foot print vs. the several GB of its more mature siblings;
- 3i does not rely on a general purpose OS as its service console; instead, it allows users to interact with it through Virtual Center, remote command line tools, or the SDK.
With regards to the smaller code footprint: so what? Yes, there is the axiom that every several hundred lines of code potentially introduces a new bug, but would VMware attempt to claim that one of their competitors' products is more secure by virtue of having a smaller code base? The fact of the matter is that a solid security reputation is earned, not granted on the basis of the number of lines of code that generates a binary.
Red Hat Enterprise Linux (RHEL) has a good reputation as a service console, but VMware has given that up in favor of greater security. Because 3i does not need a console, right? It does not have one. Right? Wrong.
VMware ESX 3i does, in fact, have a console; it is just hidden. 3i uses a single binary as its console, the product of the BusyBox project. Now, I think BusyBox is a great project, but there is no way that it has been scrutinized with as much vigilance as RHEL. There are far fewer developers working on BusyBox, and it does not have the track record that RHEL does. I am not the first person to reach this conclusion either, as you'll see in this article about 3i's security risks.
With 3i, we do not have the known quantity of Red Hat at our backs to help us out. VMware may have made the console harder to get to, but it is still possible to get a command-line interface in 3i. The question is, what security risks does this new console pose?
Reliability and ESX 3i
ESX 3i is also being held up as more reliable because it can run on an anonymous server: a server with no hard drives. The hypervisor itself will run on a solid state storage device. Big deal! Who cares about the hypervisor? VMware's team has worked hard to make 3i installations as painless as possible. If it were installed on a hard drive and the drive failed, simply swap a new one in. You would be running it in a redundant array of inexpensive disks -- RAID -- configuration anyway, such as RAID 1 with a hot spare.
Here is the kicker. There are still hard drives! Where do you think your virtual machines (VMs) are stored? The VMs are living on shared storage off on a storage area network (SAN) somewhere. That SAN is not using a bunch of solid state storage devices. Think platters galore. The likelihood of a disk failure is just as prevalent as ever. No biggie, just replace the disk. Putting the hypervisor on a solid state storage device does not dramatically increase the reliability of the hypervisor.
ESX 3i's simplified management
ESX 3i may be the first product of VMware's to include its simplified management model, but the features that simplify its management are not exclusive to 3i. The CIM model, as well as remote command line tools and the SDK, should be able to work with ESX 3.5 as well; that is, if VMware adds that functionality to 3.5. There is no reason that 3.5, or even 3.0 for that matter, cannot do these same things.
VMware has created an artificial competitive edge with ESX 3i and even labeled these advantages "leverages" on their own product website. While some may consider these "features" wins for 3i, I find the whole artificial distinction to leave a bad taste in my mouth.
Plug and play with 3i?
Plug and play is another no-win for 3i. The plug-and-play functionality of 3i is as artificial as its simplified management. VMware is asserting that independent hardware vendors (IHVs) will be able to ship servers with 3i on them directly to the customer, and the customer can simply plug the box into the network and storage, boot it, and presto: "installation complete." That's fantastic! However, I can order a server from an IHV with ESX 3 pre-installed on it today. The difference is that VMware has added this data center plug-and-play functionality exclusively to their 3i product. There is no reason that it cannot work with 3.0 or 3.5 as well. This is just another example of a company trying to promote a new product with features that do not have to be exclusive; they are only exclusive because someone decided they should be.
Is ESX 3i a revolution or a mutation?
These are the key factors that spurred my conclusion that ESX 3i is really just an evolution in technology, not a revolution of gigantic proportions. I would go so far as to even call it a mutation, since the original species, ESX 3.0 and 3.5, has not died out. We will have ESX traditional and ESX embedded. I would like to call on VMware to work towards consolidating these products back into one version. Virtualization is already confusing enough for a lot of people, and for the makers of the easiest, enterprise virtualization solution on the market to contribute to that confusion is sad.
I want 3i to be an evolution. I want virtualization to continue to march forward as the building block of tomorrow's data center. But it will take more than a mutation to make it happen.
Arm the peasants, storm the castle walls, and give us a product that does not just complement today's technology, but destroys it completely and utterly in a glorious revolution and sits atop its throne as the queen of virtualization!
ABOUT THE AUTHOR: Andrew Kutz is deeply embedded in the dark, dangerous world of virtualization. He is a Microsoft Certified Solutions Developer (MCSD), a SANS/GIAC Certified Windows Security Administrator (GCWN) GOLD and a VMware Certified Professional (VCP) in Virtual Infrastructure 3 (VI3). Andrew is the author of the popular open source project, Sudo for Windows. He was employed by the University of Texas at Austin for nearly a decade as a systems administrator and developer and more recently as an analyst for Burton Group.
This was first published in January 2008