Microsoft Readies Windows Server Virtualization
Microsoft dishes on 'Viridian's' security features.
As rival VMware Inc. was riding high on Wall Street last month with a blockbuster IPO, Microsoft's virtualization team was quietly at work on a platform-level virtualization technology earmarked for integration into Windows.
The first public beta of Windows Server Virtualization (WSV), formerly code-named "Viridian," is expected out by year's end. Redmond has said the final version will ship as an add-on to Windows Server 2008 within 180 days of RTM.
Microsoft's Brandon Baker, a security developer in the Windows Kernel Team working on WSV, offered the first detailed look at the project's security underpinnings during a briefing at the Black Hat conference in Las Vegas in early August. Redmond Developer News recently corresponded with Baker about WSV:
RDN: What types of security have been built into WSV beyond Microsoft's Security Development Lifecycle?
Baker: We have also implemented many mitigation technologies including code signing, stack cookies (/GS) and hardware No eXecute (NX). Our primary security goal is VM [virtual machine] isolation. We have to ensure that we've minimized the damage a compromised virtual machine could do to other VMs.
RDN: What kind of feedback did you get at Black Hat?
Baker: People were interested in ways they could utilize the [WSV] architecture to offer enhanced security services, namely anti-virus and intrusion detection, for virtualized environments. There's clearly interest in client hypervisors and secure launch.
RDN: Does WSV compete with VMware in terms of enabling flexible software test environments for developers and testers?
RDN: Anything else you want to mention about WSV?
Baker: Our approach to virtualization is unique in the market: It spans from the desktop to the data center, and we're delivering management tools that allow customers to manage their physical and virtual environments from one platform. Windows Server Virtualization, as with other virtualization systems, allows developers to effectively have an 'enterprise in a box.' This makes development and testing of multi-tiered applications much easier by allowing a front-end Web app to be developed in one VM while a middle tier can be hosted in another while a back-end database runs in a third VM.
A unique feature is its WMI management interface. This is a full management interface exposed over WMI that allows a great deal of control and automation of VMs.