Lasse, very awesome! If you are OK with it, I will add those instructions to our web site. Has anybody tested these out with ESXi?
What performance do you see on your ESX server? How powerful is your box and how many VMs are you running on it? I am just curious to see how it compares to VMware server... Christian On Fri, Aug 8, 2008 at 5:47 AM, Lasse Borup <[EMAIL PROTECTED]> wrote: > I'm happy to report success in compiling capture for use against ESX. > For reference I list the issues that have troubled me: > > 1. ESX has to be at least 3.5 update1 and one need to use the VIX 1.5 api, > only available as a download via the vmware server 2 beta download page. And > if the wrapper library is not used, one needs to make sure the VIX_LIB > environment variable is set to the subfolder VIServer-2.0.0 of the topmost > VIX folder. (This is on Windows, i think its done differently on linux, on > which i had no success). I also had some problems with the > compile_revert_win32.bat script, in which were resolved by using "hardcoded" > paths instead of the environment variables. (Don't ask me why, problems with > spaces in windows paths). > > 2. I had to manually copy most of the dll's from the VIServer-2.0.0 folder > to the created capture-release, as revert.exe would complain that they were > missing. > > 3. In the connect call in revert.c, the parameter > VIX_SERVICEPROVIDER_VMWARE_SERVER should be changed to > VIX_SERVICEPROVIDER_VMWARE_VI_SERVER. > > 4. In the config.xml file the following changes are needed: > 1. Instead of writing for example "127.0.0.1" as the address of the > vmware server, one has to write "https://127.0.0.1/sdk";. The following > port number is ignored. > 2. For the path of the virtual machine, the following style is needed: > "[storage1] Client/Client.vmx" where storage1 is the data store containing > the machine. Be aware of the space af the data store name. > > Minor issues, but took me some time to weed out, so i hope this might be > helpful to others. > > Regards, > Lasse > > ------------------------------ > Date: Thu, 7 Aug 2008 06:49:46 -0700 > > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org > Subject: Re: [Capture-HPC] clients on ESX server > CC: > > Yes, I think this is why I am also interested in it. I would assume, you > can run many more VMs with ESX than with Vmware Server. > > I see the matrix on the VIX blog (VMwares APIs are sometimes confusing > since they are so many of them). So, if you install VIX 1.5 and try to > recompile the capture-server, it might work...Lasse, would you have time to > give this a try? > > Christian > > On Thu, Aug 7, 2008 at 12:23 AM, Lasse Borup <[EMAIL PROTECTED]>wrote: > > The ESX should really support vix according to the diagram on vmwares > VIX-blog. I am still looking in to it, i think i might have made mistakes > during compilation in my first try. > Whether ESXi (which has recently been made available for free) supports VIX > is unspecified, and i don't know the exact difference between these to > versions. But ESXi is definitely interesting as a platform for honeypots > now that its free... > > > > ------------------------------ > Date: Wed, 6 Aug 2008 10:01:58 -0700 > > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org > Subject: Re: [Capture-HPC] clients on ESX server > CC: > > I looked at this a bit more. The ESXi doesnt seem to support the VIX API, > but rather a different API is provided. > > So, in order to get this working, you need to do the following: > 1. Ensure the ESXi API allows to revert VMs as well as start a prg within a > VMwareServer for an example. > 2. You would have to extend the capture server to support a new virtual > machine type (this is generic to any virtual machine server...could even be > XEN, Virtual PC, etc) > - implement the interface VirtualMachineServer. You can check the > > - add the new type to the VirtualMachineServerFactory (specify a > new type "vmware-esxi") > - modify the config.xml to use this new type "vmware-esxi" > instead of "vmware-server" > > If anybody has gone through this exercise for any other virtual machine > server and wants to donate their code, I am happy to add it.... > > Christian > > On Mon, Aug 4, 2008 at 5:48 AM, Lasse Borup <[EMAIL PROTECTED]>wrote: > > Hi Christian > I have now tried compiling against VIX 1.5, which according to > http://blogs.vmware.com/vix/ should work against esx server 3.5 update1. > Whereas the binary distribution formerly made network contact to the server > before generating errors, this recompiled version just gave the following > error: > > > VIX Error on connect in connect: One of the parameters was invalid > > E Disconnected > > No network traffic was generated. > > Unfortunately i don't have any more time to spend on the matter at this > time, perhaps i will look into it later. > > Regards, > Lasse > > > ------------------------------ > Date: Sat, 26 Jul 2008 07:24:21 -0700 > > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org > Subject: Re: [Capture-HPC] clients on ESX server > CC: > > Lasse, if the API are identical, no changes are needed. You just need to > recompile. (This is what you do if the VMware Server version changes). > Since I dont have ESX, I am only speculating. Try it and let us know how it > goes. > Christian > > > On Sat, Jul 26, 2008 at 12:07 AM, Lasse Borup <[EMAIL PROTECTED]>wrote: > > Hi Christian > > But what changes would I need to make to the source before compiling? Or do > i need to check out a newer version from a repository? > > Regards, > Lasse > > > > ------------------------------ > Date: Fri, 25 Jul 2008 06:39:33 -0700 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org > Subject: Re: [Capture-HPC] clients on ESX server > CC: > > Lasse, this might work, but you need to compile the capture server for > sure. Try that and let us know how it goes. > Christian > > On Fri, Jul 25, 2008 at 5:11 AM, Lasse Borup <[EMAIL PROTECTED]>wrote: > > Hi > > In the documentation for Capture-HPC it states that Vmware Server is needed > for the clients. But since Vmware Esx Server also supports the VIX api > shouldn't it be possible to run the clients on ESX? > I'm trying it out but have not been succesfull... > > Best regards, > Lasse Borup > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > > > -- > ---- > Web: http://www.mcs.vuw.ac.nz/~cseifert<http://www.mcs.vuw.ac.nz/%7Ecseifert> > > PGP key > http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt<http://www.mcs.vuw.ac.nz/%7Ecseifert/pgpkey.txt> > Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > > > -- > ---- > Web: http://www.mcs.vuw.ac.nz/~cseifert<http://www.mcs.vuw.ac.nz/%7Ecseifert> > > PGP key > http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt<http://www.mcs.vuw.ac.nz/%7Ecseifert/pgpkey.txt> > Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > > > -- > ---- > Web: http://www.mcs.vuw.ac.nz/~cseifert<http://www.mcs.vuw.ac.nz/%7Ecseifert> > > PGP key > http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt<http://www.mcs.vuw.ac.nz/%7Ecseifert/pgpkey.txt> > Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > > > > -- > ---- > Web: http://www.mcs.vuw.ac.nz/~cseifert<http://www.mcs.vuw.ac.nz/%7Ecseifert> > > PGP key > http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt<http://www.mcs.vuw.ac.nz/%7Ecseifert/pgpkey.txt> > Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > -- ---- Web: http://www.mcs.vuw.ac.nz/~cseifert PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
