Hi Christian
I have now succesfully tested Capture against an ESXi server using the same
version I compiled for ESX.
So apparently ESXi supports the VIX api, allowing the same functionality as
ESX, for free. Aside of course for some features like consolidated backup,
which is probably not critical for honeypot deployment.
Regards,
Lasse
Date: Mon, 11 Aug 2008 07:57:00 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org
Subject: Re: [Capture-HPC] clients on ESX server
CC:
Lasse, very awesome! If you are OK with it, I will add those instructions to
our web site. Has anybody tested these out with ESXi?
What performance do you see on your ESX server? How powerful is your box and
how many VMs are you running on it? I am just curious to see how it compares to
VMware server...
Christian
On Fri, Aug 8, 2008 at 5:47 AM, Lasse Borup <[EMAIL PROTECTED]> wrote:
I'm happy to report success in compiling capture for use against ESX.
For reference I list the issues that have troubled me:
1. ESX has to be at least 3.5 update1 and one need to use the VIX 1.5 api, only
available as a download via the vmware server 2 beta download page. And if the
wrapper library is not used, one needs to make sure the VIX_LIB environment
variable is set to the subfolder VIServer-2.0.0 of the topmost VIX folder.
(This is on Windows, i think its done differently on linux, on which i had no
success). I also had some problems with the compile_revert_win32.bat script, in
which were resolved by using "hardcoded" paths instead of the environment
variables. (Don't ask me why, problems with spaces in windows paths).
2. I had to manually copy most of the dll's from the VIServer-2.0.0 folder to
the created capture-release, as revert.exe would complain that they were
missing.
3. In the connect call in revert.c, the parameter
VIX_SERVICEPROVIDER_VMWARE_SERVER should be changed to
VIX_SERVICEPROVIDER_VMWARE_VI_SERVER.
4. In the config.xml file the following changes are needed:
1. Instead of writing for example "127.0.0.1" as the address of the vmware
server, one has to write "https://127.0.0.1/sdk";. The following port number is
ignored.
2. For the path of the virtual machine, the following style is needed:
"[storage1] Client/Client.vmx" where storage1 is the data store containing the
machine. Be aware of the space af the data store name.
Minor issues, but took me some time to weed out, so i hope this might be
helpful to others.
Regards,
Lasse
Date: Thu, 7 Aug 2008 06:49:46 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org
Subject: Re: [Capture-HPC] clients on ESX server
CC:
Yes, I think this is why I am also interested in it. I would assume, you can
run many more VMs with ESX than with Vmware Server.
I see the matrix on the VIX blog (VMwares APIs are sometimes confusing since
they are so many of them). So, if you install VIX 1.5 and try to recompile the
capture-server, it might work...Lasse, would you have time to give this a try?
Christian
On Thu, Aug 7, 2008 at 12:23 AM, Lasse Borup <[EMAIL PROTECTED]> wrote:
The ESX should really support vix according to the diagram on vmwares VIX-blog.
I am still looking in to it, i think i might have made mistakes during
compilation in my first try.
Whether ESXi (which has recently been made available for free) supports VIX is
unspecified, and i don't know the exact difference between these to versions.
But ESXi is definitely interesting as a platform for honeypots now that its
free...
Date: Wed, 6 Aug 2008 10:01:58 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org
Subject: Re: [Capture-HPC] clients on ESX server
CC:
I looked at this a bit more. The ESXi doesnt seem to support the VIX API, but
rather a different API is provided.
So, in order to get this working, you need to do the following:
1. Ensure the ESXi API allows to revert VMs as well as start a prg within a
VMwareServer for an example.
2. You would have to extend the capture server to support a new virtual machine
type (this is generic to any virtual machine server...could even be XEN,
Virtual PC, etc)
- implement the interface VirtualMachineServer. You can check the
- add the new type to the VirtualMachineServerFactory (specify a new
type "vmware-esxi")
- modify the config.xml to use this new type "vmware-esxi" instead of
"vmware-server"
If anybody has gone through this exercise for any other virtual machine server
and wants to donate their code, I am happy to add it....
Christian
On Mon, Aug 4, 2008 at 5:48 AM, Lasse Borup <[EMAIL PROTECTED]> wrote:
Hi Christian
I have now tried compiling against VIX 1.5, which according to
http://blogs.vmware.com/vix/ should work against esx server 3.5 update1.
Whereas the binary distribution formerly made network contact to the server
before generating errors, this recompiled version just gave the following error:
> VIX Error on connect in connect: One of the parameters was invalid
> E Disconnected
No network traffic was generated.
Unfortunately i don't have any more time to spend on the matter at this time,
perhaps i will look into it later.
Regards,
Lasse
Date: Sat, 26 Jul 2008 07:24:21 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org
Subject: Re: [Capture-HPC] clients on ESX server
CC:
Lasse, if the API are identical, no changes are needed. You just need to
recompile. (This is what you do if the VMware Server version changes).
Since I dont have ESX, I am only speculating. Try it and let us know how it
goes.
Christian
On Sat, Jul 26, 2008 at 12:07 AM, Lasse Borup <[EMAIL PROTECTED]> wrote:
Hi Christian
But what changes would I need to make to the source before compiling? Or do i
need to check out a newer version from a repository?
Regards,
Lasse
Date: Fri, 25 Jul 2008 06:39:33 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; capture-hpc@public.honeynet.org
Subject: Re: [Capture-HPC] clients on ESX server
CC:
Lasse, this might work, but you need to compile the capture server for sure.
Try that and let us know how it goes.
Christian
On Fri, Jul 25, 2008 at 5:11 AM, Lasse Borup <[EMAIL PROTECTED]> wrote:
Hi
In the documentation for Capture-HPC it states that Vmware Server is needed for
the clients. But since Vmware Esx Server also supports the VIX api shouldn't it
be possible to run the clients on ESX?
I'm trying it out but have not been succesfull...
Best regards,
Lasse Borup
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
--
----
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
