Re: OpenBSD ESXi VMware image on Soekris Net5501

[Bob Beck]

* Michal mic...@sharescope.co.uk [2009-05-21 11:01]:

 Oh I didnt realise it was that under-poweredoh now I just feel stupid
 :(

Well, we are all laughing at you. but only because too many of us get hit
with
this bullshit at work.

http://a2.vox.com/6a00d09e512cfdbe2b00f30f5b193a0001-pi

I mean everyone knows Vmware makes everything run faster, use less
power, more securely, gives blowjobs under the table, etc.. And the
great part about your only tool being a hammer is you sure spend less
time deciding what to use so it's more efficient :)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Chris Harries]

I know that VMware does all that, I even hear the next release makes you
coffee while you use it and not just instant, as in proper Columbian brewed
coffee...fantastic. But still yes, every once in a while a smart arse pops
his head up and claims he has heard of this VMWARE blah blah blah. It's
nice to know I can bring a little with of laughter to people's lives though,
it sure beats everyone moaning at me as they cannot read e-mails clearly
marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when their
email doesn't work

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Bob Beck
Sent: 26 May 2009 17:35
To: Michal
Cc: misc@openbsd.org
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

* Michal mic...@sharescope.co.uk [2009-05-21 11:01]:

 Oh I didnt realise it was that under-poweredoh now I just feel stupid
 :(

Well, we are all laughing at you. but only because too many of us get hit
with
this bullshit at work.

http://a2.vox.com/6a00d09e512cfdbe2b00f30f5b193a0001-pi

I mean everyone knows Vmware makes everything run faster, use less
power, more securely, gives blowjobs under the table, etc.. And the
great part about your only tool being a hammer is you sure spend less
time deciding what to use so it's more efficient :)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ross Cameron]

When you've got something to start with job it up on Sourceforge and pop us
a message on this list.

Maybe some of us have a use for the same application and will want to help.

On Fri, May 22, 2009 at 8:05 PM, Obiozor Okeke obiozorok...@yahoo.comwrote:


 Thanks Ross/Ed, yes we're going to dump the custom Windows app and use an
 open source solution using Samba's file share capability (with Samba running
 on OBSD of course :).


 --- On Fri, 5/22/09, Ross Cameron abal...@gmail.com wrote:

  From: Ross Cameron abal...@gmail.com
  Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
  To: Ed Ahlsen-Girard eagir...@cox.net
  Cc: misc@openbsd.org
  Date: Friday, May 22, 2009, 9:05 AM
  On Fri, May 22, 2009 at 5:56 PM, Ed
  Ahlsen-Girard eagir...@cox.net
  wrote:
 
   On 2009-05-22  Ross Cameron wrote:
  
Certainly the hardware chosen isnt anywhere NEAR
  potent enough,... and
   u're
leaving ure whole configuration open for attack
  via the ESXi sub layer.
   
Why not just port the custom app to OpenBSD and
  run the configuration
natively on the hardware?
  
   There are apps on Windows for which porting to
  OpenBSD would be roughly
   equivalent to porting to NetWare Virtual Loadable
  Module.
  
   Maybe he doesn't mind doing it all over from scratch,
  but that's about what
   it
   might turn out to be.
 
 
  True but then again I generally find that rewriting and
  targeting the code
  for portability and re-use is worth the efforts in the long
  run.
 
  Painting you're self into a corner with regards to coding
  standards/languages/host OS are generally just a headache
  waiting to happen
  in the years to come.
 
 






-- 
Opportunity is most often missed by people because it is dressed in
overalls and looks like work.
   Thomas Alva Edison
   Inventor of 1093 patents, including:
   The light bulb, phonogram and motion pictures.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ross Cameron]

On Thu, May 21, 2009 at 6:53 PM, obiozorok...@yahoo.com wrote:

 Well I'm certainly no expert in all this and I'm happy to be corrected
 before
 I make any more mistakes with my configuration.  Man am I glad I put this
 post
 out because I'm getting such great feedback!

 I'll have to re-think this but I
 honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
 running on ESXi as my strong firewall I would be ok.  Basically its just a
 virtualization of my physical environment but all on one box with 3 VM
 images.
 So my idea was to have second OpenBSD image (not the firewall OpenBSD
 image)
 running with Samba as my Domain Controller and File server, and Email
 server
 and then the third Windows VM running just the custom app.  I figured that
 as
 long as all the 'Net traffic hit my first OpenBSD VM and was properly
 filtered
 and controlled by pf, spam greylisting, brute force checked, etc I would be
 ok?  No?


Certainly the hardware chosen isnt anywhere NEAR potent enough,... and u're
leaving ure whole configuration open for attack via the ESXi sub layer.

Why not just port the custom app to OpenBSD and run the configuration
natively on the hardware?

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ed Ahlsen-Girard]

On 2009-05-22  Ross Cameron wrote:

  Certainly the hardware chosen isnt anywhere NEAR potent enough,... 
and u're
  leaving ure whole configuration open for attack via the ESXi sub layer.
 
  Why not just port the custom app to OpenBSD and run the configuration
  natively on the hardware?

There are apps on Windows for which porting to OpenBSD would be roughly
equivalent to porting to NetWare Virtual Loadable Module.

Maybe he doesn't mind doing it all over from scratch, but that's about 
what it
might turn out to be.

--

Ed Ahlsen-Girard

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of eagirard.8621DEFANGED-vcf]

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ross Cameron]

On Fri, May 22, 2009 at 5:56 PM, Ed Ahlsen-Girard eagir...@cox.net wrote:

 On 2009-05-22  Ross Cameron wrote:

  Certainly the hardware chosen isnt anywhere NEAR potent enough,... and
 u're
  leaving ure whole configuration open for attack via the ESXi sub layer.
 
  Why not just port the custom app to OpenBSD and run the configuration
  natively on the hardware?

 There are apps on Windows for which porting to OpenBSD would be roughly
 equivalent to porting to NetWare Virtual Loadable Module.

 Maybe he doesn't mind doing it all over from scratch, but that's about what
 it
 might turn out to be.


True but then again I generally find that rewriting and targeting the code
for portability and re-use is worth the efforts in the long run.

Painting you're self into a corner with regards to coding
standards/languages/host OS are generally just a headache waiting to happen
in the years to come.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ed Ahlsen-Girard]

Ross Cameron wrote:
 On Fri, May 22, 2009 at 5:56 PM, Ed Ahlsen-Girard eagir...@cox.net 
 mailto:eagir...@cox.net wrote:

 -(snip)-
 There are apps on Windows for which porting to OpenBSD would be
 roughly
 equivalent to porting to NetWare Virtual Loadable Module.

 Maybe he doesn't mind doing it all over from scratch, but that's
 about what it
 might turn out to be.


 True but then again I generally find that rewriting and targeting the 
 code for portability and re-use is worth the efforts in the long run.

 Painting you're self into a corner with regards to coding 
 standards/languages/host OS are generally just a headache waiting to 
 happen in the years to come.
I am sympathetic with that POV. It's part of why I decided to learn Perl 
instead of VB when I wanted to automate accounts on a Windows web 
server.  When I had to clean up and migrate a Linux web server years 
later (without having meaningful Linux experience), I was very happy 
about my choice.

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of eagirard.26699DEFANGED-vcf]

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Thanks Ross/Ed, yes we're going to dump the custom Windows app and use an open
source solution using Samba's file share capability (with Samba running on
OBSD of course :). 


--- On Fri, 5/22/09, Ross Cameron abal...@gmail.com
wrote:

 From: Ross Cameron abal...@gmail.com
 Subject: Re: OpenBSD ESXi
VMware image on Soekris Net5501
 To: Ed Ahlsen-Girard eagir...@cox.net

Cc: misc@openbsd.org
 Date: Friday, May 22, 2009, 9:05 AM
 On Fri, May 22,
2009 at 5:56 PM, Ed
 Ahlsen-Girard eagir...@cox.net
 wrote:
 
  On
2009-05-22  Ross Cameron wrote:
 
   Certainly the hardware chosen isnt
anywhere NEAR
 potent enough,... and
  u're
   leaving ure whole
configuration open for attack
 via the ESXi sub layer.
  
   Why not
just port the custom app to OpenBSD and
 run the configuration
   natively
on the hardware?
 
  There are apps on Windows for which porting to

OpenBSD would be roughly
  equivalent to porting to NetWare Virtual
Loadable
 Module.
 
  Maybe he doesn't mind doing it all over from
scratch,
 but that's about what
  it
  might turn out to be.
 
 
 True
but then again I generally find that rewriting and
 targeting the code
 for
portability and re-use is worth the efforts in the long
 run.
 
 Painting
you're self into a corner with regards to coding
 standards/languages/host OS
are generally just a headache
 waiting to happen
 in the years to come.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[SJP Lists]

Hi,

2009/5/21 Obiozor Okeke obiozorok...@yahoo.com:
 Hi Diana (and Stuart) thanks for all your advice.

 The problem or nut we're
 trying to crack is that we're trying to deploy OpenBSD to remote clients
and
 we wanted an inexpensive but very high reliability system with the
flexibility
 to change configurations (switch in/out different VMs) and add/modify
services
 remotely on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
 along with all the custom apps and client data packaged in a VM.  We would
 grab the old 4.4 VM bring it back to our lab, then upgrade and re-configure
it
 the way we wanted to and drop it back on the ESXi.  Then just change the
 network configs and switch the old for the new all remotely without ever
 visiting the client

 Thanks again all.

Even if this were feasible (given the hardware limitations of the
5501), you would still have to maintain ESX in a manner which requires
console access.

Wrapping OpenBSD up in ESX defeats the typical purpose of using
OpenBSD.  ESX and other x86 virtualization software introduces a whole
new vulnerable layer of software which requires patching and
rebooting.

Take it from the horses mouth...


A critical vulnerability in the virtual machine display function
might allow a guest operating system to run code on the host. The
Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2009-1244 to this issue.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=disp
layKCexternalId=1009853


A memory corruption condition might occur in the virtual machine
hardware. A malicious request sent from the guest operating system to
the virtual hardware might cause the virtual hardware to write to
uncontrolled physical memory.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917
to this issue.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=disp
layKCexternalId=1007507


VMware addresses an in-guest privilege escalation on 64-bit guest
operating systems.  VMware products emulate hardware functions
including CPU, memory, and I/O.  A flaw in VMware's CPU hardware
emulation could allow the virtual CPU to jump to an incorrect memory
address. Exploitation of this issue on the guest operating system does
not lead to a compromise of the host system, but could lead to a
privilege escalation on guest operating systems. An attacker would
need to have a user account on the guest operating system.  Affected
guest operating systems include 64-bit Windows, 64-bit FreeBSD, and
possibly other 64-bit operating systems.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_UScmd=disp
layKCexternalId=1007090


This is just a small sample.  All this will get you extra complexity
and the doubt that a problem with the guest software is really with it
or the host.


Shane

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ed Ahlsen-Girard]

I ran OpenBSD on ESXi on a Dell 905 at my old job and it worked quite 
well.  It wasn't really fast, but it didn't need to be.  All it did was 
mail web forms.  The security auditors didn't even mention it in their 
report.


Ed Ahlsen-Girard

OFF TOPIC: Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

David - it looks like my mobile device did a horrendous job of
displaying your email so I apologise for coming off a bit half-cocked
in the last email (and despite it being so much more OT conversation
on the list, I still wanted to do it publicly).


2009/5/20 David Talkington dt...@flyingjoke.org:

 Kevin Wilcox wrote:

 that practically necessitates IBM, Sun, HP or Dell hardware.

 No it doesn't.

That was based on my last review of the .pdf we received from our
VMWare rep that was, admittedly, some time ago. I just checked the
ESXi HCL and I'm glad to see that support has grown *substantially*,
particularly with them offering ESXi. So, my apologies for outdated
information.

 Skip the virtualisation cruft and install natively.

 That isn't a helpful or enlightened answer (not that one should expect help
 with this topic here).

Agreed. A better reply (though perhaps less relevant) would be,

O.P. - I do not have experience with OBSD on VMWare ESXi on a Soekris.
I do have quite a bit of experience with OpenBSD on VMWare ESX on
officially supported hardware and the results vary depending on load
and how much tweaking you may or may not have to do with your
configuration. For certain storage backends we have to do some minor
voodoo to the disk configuration before the VM is made aware of the
disk - this has caused several of our OpenBSD VMs to panic, an issue
that in no way, shape, form or fashion am I blaming on OpenBSD - that
problem lies with VMWare. On the other hand, I have virtualised
OpenBSD firewalls on plain configurations sitting in front of
virtualised servers (yes, it works for our needs) that never hiccup.
The latest I am using is 4.4 as I've been unable to take any of those
machines down for upgrade since receiving the 4.5 cds.

Because of the quirks that are introduced with running on top of
VMWare, if you have the hardware and this is a single use machine, I
can't stress highly enough that, if at all possible, you should skip
the virtualisation cruft and install natively. Performance *will* be
better, as will reliability and the chance of finding some form of
community assistance.

 O.P., you should start here for detailed ESXi hardware support info:

 http://www.vm-help.com/

And the official VMWare HCL here should you ever decide to move to
supported hardware:

http://www.vmware.com/resources/compatibility/search.php?action=basedeviceCa
tegory=server

kmw

--
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry,  the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Hi Diana (and Stuart) thanks for all your advice.

The problem or nut we're
trying to crack is that we're trying to deploy OpenBSD to remote clients and
we wanted an inexpensive but very high reliability system with the flexibility
to change configurations (switch in/out different VMs) and add/modify services
remotely on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
along with all the custom apps and client data packaged in a VM.  We would
grab the old 4.4 VM bring it back to our lab, then upgrade and re-configure it
the way we wanted to and drop it back on the ESXi.  Then just change the
network configs and switch the old for the new all remotely without ever
visiting the client

Thanks again all.

--- On Wed, 5/20/09, Diana Eichert
deich...@wrench.com wrote:

 From: Diana Eichert deich...@wrench.com

Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
 To:
misc@openbsd.org
 Date: Wednesday, May 20, 2009, 7:16 PM
 On Wed, 20 May
2009, Obiozor Okeke
 wrote:
 
  Hi I am hoping to run an ESXi OpenBSD 4.5
image on a
 Soekris Net5501
  appliance and I was wondering if anyone has
already
 tried successfully
  running ESXi on the Soekris Net5501 before I
order the
 hardware?
 
  Any advice or comments is appreciated.
 
 
Thanks in advance
 
 The better question is, What nut are you trying to

crack?  Why would
 you even consider running a virtualization system on what
 is
 effectively a 486? Okay, a 500MHz 586, but still, it's slow
 to

start with.
 
 diana
 
 Past hissy-fits are not a predictor of future
hissy-fits.
 Nick Holland(06 Dec 2005)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Jason Dixon]

On Thu, May 21, 2009 at 06:47:08AM -0700, Obiozor Okeke wrote:
 Hi Diana (and Stuart) thanks for all your advice.
 
 The problem or nut we're
 trying to crack is that we're trying to deploy OpenBSD to remote clients and
 we wanted an inexpensive but very high reliability system with the flexibility
 to change configurations (switch in/out different VMs) and add/modify services
 remotely on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
 along with all the custom apps and client data packaged in a VM.  We would
 grab the old 4.4 VM bring it back to our lab, then upgrade and re-configure it
 the way we wanted to and drop it back on the ESXi.  Then just change the
 network configs and switch the old for the new all remotely without ever
 visiting the client

No offense, but that's a terrible design.  Get yourself two inexpensive
systems (5501's are ok) and run them in a failover configuration.  You
have redundancy and the flexiblity to alternate between releases.
Without the headache of middleware patches, an unsupported
configuration, etc.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Wow!!  Thanks guys for all your advice and the vm-help.com site!  The OpenBSD 
community is fantastic!!!

--- On Wed, 5/20/09, Kevin Wilcox ke...@tux.appstate.edu wrote:

 From: Kevin Wilcox ke...@tux.appstate.edu
 Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
 To: David Talkington dt...@flyingjoke.org, misc@openbsd.org
 Date: Wednesday, May 20, 2009, 7:44 PM
 David, I'm currently mobile and
 unable to track down the HCL for ESX/i
 myself - thus my mentioning them to the original poster
 with what I
 could remember off the top of my head about supported
 machines. If
 that was an insufficient response then the OP is more than
 welcome to
 ignore it. On the other hand, the OP could always say, oh,
 ESXi HCL,
 I wonder... and google 'vmware esxi hardware
 compatibility'.
 
 kmw
 
 On 20/05/2009, David Talkington dt...@flyingjoke.org
 wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
 
  This is way OT for this list, but:
 
  Kevin Wilcox wrote:
 
  My understanding is that it has a strict HCL,
 
  Yes it does.
 
  that practically necessitates IBM, Sun, HP or Dell
 hardware.
 
  No it doesn't.
 
  Skip the virtualisation cruft and install
 natively.
 
  That isn't a helpful or enlightened answer (not that
 one should expect
  help with this topic here).
 
  O.P., you should start here for detailed ESXi hardware
 support info:
 
  http://www.vm-help.com/
 
  Cheers -d
 
  - --
  David Talkington
  dt...@flyingjoke.org
  - --
  PGP key: http://www.flyingjoke.org/keys/801E3976.asc
  (What's this? http://en.wikipedia.org/wiki/Digital_signature)
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v2.0.11 (GNU/Linux)
 
 
 iQEcBAEBAgAGBQJKFKpkAAoJEO7jL1CAHjl2+YgH/jwqmzLTgAGD1wDkxBPbJGZC
 
 qOQkT2lYoyy0obJ66777wfh/BRcZt88jIpnBVxPfprfnE3h4HUVw/0pP4xtriWcK
 
 nOQp+dWQeuhGYmV9QycWXAWvhRIrSwgmB3LagKPPYUQ4eR0aVz8NJ/LzkJpzwRb1
 
 4kdxc4KXYxDG+HdaQ/mhQ4yGeY2AiTs41zs0oEjBQraeBb/FUwdXzKfFmK9brFxd
 
 kOEuKYUW9QAFnpzAmkKcFHM7QOQ8zIhLNIs7K/jTmLPVYycU14eutUUR+Q+SoI9W
 
 YriQmxcZ2PTxHIXA2hjvORM9FZiy0NwyDU8H9NHl2gA34rq1vheuVUnsHRJVH4U=
  =eE8z
  -END PGP SIGNATURE-
 
 
 --
 Sent from my mobile device
 
 To take from one, because it is thought that his own
 industry and that
 of his fathers has acquired too much, in order to spare to
 others,
 who, or whose fathers have not exercised equal industry and
 skill, is
 to violate arbitrarily the first principle of association,
 bthe
 guarantee to every one of a free exercise of his industry,
  the
 fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Obiozor Okeke wrote:


Wow!!  Thanks guys for all your advice and the vm-help.com site!
The OpenBSD community is fantastic!!!


FWIW, I've run ESXi on run of the mill desktops, you just have to
know the various boot options to get the ESXi kernel to boot.

But to sound like a broken record, I hate running higly customized 
configurations for production systems.  Just because you can do

something doesn't mean you should do something.  However it's
ultimately up to you, try it out and let us know how it worked.

g.day

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Obiozor Okeke wrote:



Hi Diana (and Stuart) thanks for all your advice.

The problem or nut we're trying to crack is that we're trying
to deploy OpenBSD to remote clients and we wanted an inexpensive
but very high reliability system with the flexibility to change
configurations (switch in/out different VMs) and add/modify services
remotely on-the-fly.  For example we could upgrade a client from
4.A4 to 4.5 along with all the custom apps and client data packaged
in a VM.  We would grab the old 4.4 VM bring it back to our lab, then
upgrade and re-configure it the way we wanted to and drop it back on
the ESXi.  Then just change the network configs and switch the old for
the new all remotely without ever visiting the client

Thanks again all.


If you want to stick with the Soekris you might want to consider
basing your solution on flashboot,
http://lists.mindrot.org/pipermail/flashboot/2009-May/000223.html .

Using a CF with multiple partitions would allow you to upgrade
remotely the flashboot kernel.  Of course this would take some work
to fine tune the upgrade procedure to minimize failure mechanisms.

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Well I should have mentioned that the ESXi is also running a Windows server VM
for a custom app that requires it.  So the idea was to have one box running
ESXi and reduce hardware costs.

--- On Thu, 5/21/09, Jason Dixon
ja...@dixongroup.net wrote:

 From: Jason Dixon ja...@dixongroup.net

Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
 To: Obiozor
Okeke obiozorok...@yahoo.com
 Cc: misc@openbsd.org, Diana Eichert
deich...@wrench.com
 Date: Thursday, May 21, 2009, 7:19 AM
 On Thu, May
21, 2009 at 06:47:08AM
 -0700, Obiozor Okeke wrote:
  Hi Diana (and Stuart)
thanks for all your advice.
  
  The problem or nut we're
  trying to
crack is that we're trying to deploy OpenBSD
 to remote clients and
  we
wanted an inexpensive but very high reliability
 system with the flexibility
  to change configurations (switch in/out different VMs)
 and add/modify
services
  remotely on-the-fly.  For example we could
 upgrade a client
from 4.4 to 4.5
  along with all the custom apps and client data
 packaged
in a VM.  We would
  grab the old 4.4 VM bring it back to our lab, then

upgrade and re-configure it
  the way we wanted to and drop it back on the

ESXi.  Then just change the
  network configs and switch the old for the new
all
 remotely without ever
  visiting the client
 
 No offense, but
that's a terrible design.  Get
 yourself two inexpensive
 systems (5501's
are ok) and run them in a failover
 configuration.  You
 have redundancy and
the flexiblity to alternate between
 releases.
 Without the headache of
middleware patches, an unsupported
 configuration, etc.
 
 -- 
 Jason
Dixon
 DixonGroup Consulting
 http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Jason Dixon]

On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
 
 Well I should have mentioned that the ESXi is also running a Windows server 
 VM for a custom app that requires it.  So the idea was to have one box 
 running ESXi and reduce hardware costs.


BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


*whew*

Thanks, I needed that.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Dag Richards]

Jason Dixon wrote:

On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:

Well I should have mentioned that the ESXi is also running a Windows server VM 
for a custom app that requires it.  So the idea was to have one box running 
ESXi and reduce hardware costs.



BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


*whew*

Thanks, I needed that.



Er yes, you will not be able to get there from here.

Re-think.


Don't run vmware on your firewall.

If you virtualize your entire DC in to a single box, still don't run 
your firewall as a vm.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Michal]

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Jason Dixon
Sent: 21 May 2009 17:08
To: Obiozor Okeke
Cc: misc@openbsd.org; Diana Eichert
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
 
 Well I should have mentioned that the ESXi is also running a Windows
server VM for a custom app that requires it.  So the idea was to have one
box running ESXi and reduce hardware costs.


BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


*whew*

Thanks, I needed that.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



What a helpful e-mail that was. Thanks for helping the community with that
one

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Edho P Arief]

On Thu, May 21, 2009 at 11:35 PM, Michal mic...@sharescope.co.uk wrote:
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Jason Dixon
 Sent: 21 May 2009 17:08
 To: Obiozor Okeke
 Cc: misc@openbsd.org; Diana Eichert
 Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

 On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:

 Well I should have mentioned that the ESXi is also running a Windows
 server VM for a custom app that requires it. B So the idea was to have one
 box running ESXi and reduce hardware costs.


 BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


 *whew*

 Thanks, I needed that.

 --
 Jason Dixon
 DixonGroup Consulting
 http://www.dixongroup.net/



 What a helpful e-mail that was. Thanks for helping the community with that
 one



just think, a system with 500mhz and 512MB ram running two VMs. One of
them is Windows (nt4? 98? 3.1?) , no less

--
O ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Michal]

Oh I didnt realise it was that under-poweredoh now I just feel stupid
:(

-Original Message-
From: Edho P Arief [mailto:edhopr...@gmail.com]
Sent: 21 May 2009 17:54
To: Michal
Cc: misc@openbsd.org
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

On Thu, May 21, 2009 at 11:35 PM, Michal mic...@sharescope.co.uk wrote:
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Jason Dixon
 Sent: 21 May 2009 17:08
 To: Obiozor Okeke
 Cc: misc@openbsd.org; Diana Eichert
 Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

 On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:

 Well I should have mentioned that the ESXi is also running a Windows
 server VM for a custom app that requires it.  So the idea was to have one
 box running ESXi and reduce hardware costs.


 BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


 *whew*

 Thanks, I needed that.

 --
 Jason Dixon
 DixonGroup Consulting
 http://www.dixongroup.net/



 What a helpful e-mail that was. Thanks for helping the community with that
 one



just think, a system with 500mhz and 512MB ram running two VMs. One of
them is Windows (nt4? 98? 3.1?) , no less

--
O ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Michal wrote:


Oh I didnt realise it was that under-poweredoh now I just feel stupid
:(


No needed to feel stupid, you added to the entertainment value of this thread.  
;-)

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[obiozorokeke]

Well I'm certainly no expert in all this and I'm happy to be corrected before
I make any more mistakes with my configuration.  Man am I glad I put this post
out because I'm getting such great feedback!

I'll have to re-think this but I
honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
running on ESXi as my strong firewall I would be ok.  Basically its just a
virtualization of my physical environment but all on one box with 3 VM images.
So my idea was to have second OpenBSD image (not the firewall OpenBSD image)
running with Samba as my Domain Controller and File server, and Email server
and then the third Windows VM running just the custom app.  I figured that as
long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered
and controlled by pf, spam greylisting, brute force checked, etc I would be
ok?  No?

--- On Thu, 5/21/09, Dag Richards dagricha...@speakeasy.net wrote:
 From: Dag Richards dagricha...@speakeasy.net
 Subject: Re: OpenBSD ESXi
VMware image on Soekris Net5501
 To: misc@openbsd.org
 Date: Thursday, May
21, 2009, 9:24 AM
 Jason Dixon wrote:
  On Thu, May 21, 2009 at 08:05:52AM
-0700, Obiozor
 Okeke wrote:
  Well I should have mentioned that the ESXi
is also
 running a Windows server VM for a custom app that requires
 it.  So
the idea was to have one box running ESXi and
 reduce hardware costs.
  

 
  BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
  
  
  *whew*
  
 
Thanks, I needed that.
 
 
 Er yes, you will not be able to get there from
here.
 
 Re-think.
 
 
 Don't run vmware on your firewall.
 
 If you
virtualize your entire DC in to a single box, still
 don't run your firewall
as a vm.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, obiozorok...@yahoo.com wrote:
SNIP

I'll have to re-think this but I
honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
running on ESXi as my strong firewall I would be ok.  Basically its just a
virtualization of my physical environment but all on one box with 3 VM images.
So my idea was to have second OpenBSD image (not the firewall OpenBSD image)
running with Samba as my Domain Controller and File server, and Email server
and then the third Windows VM running just the custom app.  I figured that as
long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered
and controlled by pf, spam greylisting, brute force checked, etc I would be
ok?  No?


Yes, you could do this (please NOT on a Soekris) but your system
won't be any more secure than the weakest link.  We haven't really
seen the exploits for ESX, yet.  Virtualization is really cool, you
could own the virtual hardware and the O/S would never know.  It
takes the issue related to binary blobs to a whole new level.

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Henry Sieff]

On Thu, May 21, 2009 at 11:06 AM, Diana Eichert deich...@wrench.com wrote:

 SNIP
.  Virtualization is really cool, you
 could own the virtual hardware and the O/S would never know.  It
 takes the issue related to binary blobs to a whole new level.

Entire machine as binary blob - never thought of it that way, but its
sort of true.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Bret S. Lambert]

On Thu, May 21, 2009 at 09:53:16AM -0700, obiozorok...@yahoo.com wrote:
 Well I'm certainly no expert in all this and I'm happy to be corrected before
 I make any more mistakes with my configuration.  Man am I glad I put this post
 out because I'm getting such great feedback!
 
 I'll have to re-think this but I
 honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
 running on ESXi as my strong firewall I would be ok.  Basically its just a
 virtualization of my physical environment but all on one box with 3 VM images.
 So my idea was to have second OpenBSD image (not the firewall OpenBSD image)
 running with Samba as my Domain Controller and File server, and Email server
 and then the third Windows VM running just the custom app.  I figured that as
 long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered
 and controlled by pf, spam greylisting, brute force checked, etc I would be
 ok?  No?

No. The traffic doesn't hit your vm first; it hits the host os first.
Any and all network stack issues there are still in play.

 
 --- On Thu, 5/21/09, Dag Richards dagricha...@speakeasy.net wrote:
  From: Dag Richards dagricha...@speakeasy.net
  Subject: Re: OpenBSD ESXi
 VMware image on Soekris Net5501
  To: misc@openbsd.org
  Date: Thursday, May
 21, 2009, 9:24 AM
  Jason Dixon wrote:
   On Thu, May 21, 2009 at 08:05:52AM
 -0700, Obiozor
  Okeke wrote:
   Well I should have mentioned that the ESXi
 is also
  running a Windows server VM for a custom app that requires
  it.  So
 the idea was to have one box running ESXi and
  reduce hardware costs.
   
 
  
   BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
   
   
   *whew*
   
  
 Thanks, I needed that.
  
  
  Er yes, you will not be able to get there from
 here.
  
  Re-think.
  
  
  Don't run vmware on your firewall.
  
  If you
 virtualize your entire DC in to a single box, still
  don't run your firewall
 as a vm.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

2009/5/21  obiozorok...@yahoo.com:

 I'll have to re-think this but I
 honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
 running on ESXi as my strong firewall I would be ok. B Basically its just a
 virtualization of my physical environment but all on one box with 3 VM
images.
 So my idea was to have second OpenBSD image (not the firewall OpenBSD
image)
 running with Samba as my Domain Controller and File server, and Email
server
 and then the third Windows VM running just the custom app. B I figured that
as
 long as all the 'Net traffic hit my first OpenBSD VM and was properly
filtered
 and controlled by pf, spam greylisting, brute force checked, etc I would be
 ok? B No?

There are some strategic issues with virtualising a firewall.

What should be the simplest, most rock solid member of your network is
now on the same hardware as foo virtual machines. If one of the
application servers is compromised then it's *possible* that the
VMWare server itself could be compromised, rendering the firewall VM
under the control of The Bad Guys. If one of the VMs screws the pooch
and takes down the server then you've not only lost the ability to
communicate with those servers, you've lost the ability to communicate
with your firewall. If one of the application VMs isn't configured
with proper resource limits then performance on the firewall will drop
under periods of heavy traffic. For that matter, you've already
introduced overhead on throughput of the firewall by forcing traffic
to be received by the VM OS before it's received by OpenBSD. If the VM
server is compromised then the things that can be done to traffic
without ever actually disrupting the firewall are almost certainly fun
fun fun (in all fairness, I haven't tried mucking with traffic on
ESX/i, this is based entirely in speculation).

I'm sure there are obvious things that I'm missing but these are the
ones that blast the loudest through my brain when I think about
virtualising a firewall. As I stated before, I have done it and there
are a few that I maintain - and they do their job well - but that
doesn't mean I condone the practice in general and it surely doesn't
suggest that I think it's something that should be done on a whim or
with a light attitude. It is dangerous and unsupported and you need to
understand there is significant risk in doing so.

kmw

--
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry,  the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[eagirard]

Dag Richards wrote:

 Jason Dixon wrote:
  On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
   Well I should have mentioned that the ESXi is also running a Windows 
   server VM \
   for a custom app that requires it.  So the idea was to have one box 
   running ESXi \
   and reduce hardware costs.
  
  
  BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
  
  
  *whew*
  
  Thanks, I needed that.
 
 
 Er yes, you will not be able to get there from here.
 
 Re-think.
 
 
 Don't run vmware on your firewall.
 
 If you virtualize your entire DC in to a single box, still don't run 
 your firewall as a vm.
 
 
Run a firewall on *hardware* that is not doing anything else.  The firewall is 
practically by definition the thing that is NOT protected by something else; 
have no additional holes in it or in what it relies on.  Like VMWare, or a 
Windows application server.

--
Ed Ahlsen-Girard
Ft. Walton Beach FL

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Many, many  thanks to all who responded!  

I now plan to run my OpenBSD
firewall *stand-alone* on directly on a Soekris box for sure (no VM) and
isolate all else on a separate box running the ESXi that fully supports the
ESXi HCL.

Many thanks to all the developers and especially Theo for creating
IMHO the world's greatest OS!!

--- On Thu, 5/21/09, Kevin Wilcox
ke...@tux.appstate.edu wrote:

 From: Kevin Wilcox ke...@tux.appstate.edu
 Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
 To:
obiozorok...@yahoo.com
 Cc: misc@openbsd.org
 Date: Thursday, May 21, 2009,
11:39 AM
 2009/5/21  obiozorok...@yahoo.com:
 
  I'll have to re-think
this but I
  honestly thought (I guess I'm wrong) that if I my
 first
OpenBSD VM image
  running on ESXi as my strong firewall I would be ok. B

Basically its just a
  virtualization of my physical environment but all on
 one box with 3 VM
 images.
  So my idea was to have second OpenBSD image
(not the
 firewall OpenBSD
 image)
  running with Samba as my Domain
Controller and File
 server, and Email
 server
  and then the third
Windows VM running just the custom
 app. B I figured that
 as
  long as
all the 'Net traffic hit my first OpenBSD VM
 and was properly
 filtered
 
and controlled by pf, spam greylisting, brute force
 checked, etc I would be
  ok? B No?
 
 There are some strategic issues with virtualising a

firewall.
 
 What should be the simplest, most rock solid member of your

network is
 now on the same hardware as foo virtual machines.
 If one of
the
 application servers is compromised then it's *possible*
 that the

VMWare server itself could be compromised, rendering the
 firewall VM
 under
the control of The Bad Guys. If one of the VMs screws
 the pooch
 and takes
down the server then you've not only lost the
 ability to
 communicate with
those servers, you've lost the ability to
 communicate
 with your firewall.
If one of the application VMs isn't
 configured
 with proper resource limits
then performance on the
 firewall will drop
 under periods of heavy traffic.
For that matter, you've
 already
 introduced overhead on throughput of the
firewall by
 forcing traffic
 to be received by the VM OS before it's
received by
 OpenBSD. If the VM
 server is compromised then the things that
can be done to
 traffic
 without ever actually disrupting the firewall are
almost
 certainly fun
 fun fun (in all fairness, I haven't tried mucking
with
 traffic on
 ESX/i, this is based entirely in speculation).
 
 I'm
sure there are obvious things that I'm missing but
 these are the
 ones that
blast the loudest through my brain when I think
 about
 virtualising a
firewall. As I stated before, I have done it
 and there
 are a few that I
maintain - and they do their job well -
 but that
 doesn't mean I condone
the practice in general and it
 surely doesn't
 suggest that I think it's
something that should be done on
 a whim or
 with a light attitude. It is
dangerous and unsupported and
 you need to
 understand there is significant
risk in doing so.
 
 kmw
 
 --
 To take from one, because it is thought
that his own
 industry and that
 of his fathers has acquired too much, in
order to spare to
 others,
 who, or whose fathers have not exercised equal
industry and
 skill, is
 to violate arbitrarily the first principle of
association,
 bthe
 guarantee to every one of a free exercise of his
industry,
  the
 fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Stuart Henderson]

On 2009-05-21, Diana Eichert deich...@wrench.com wrote:
 On Thu, 21 May 2009, Obiozor Okeke wrote:


 Hi Diana (and Stuart) thanks for all your advice.

 The problem or nut we're trying to crack is that we're trying
 to deploy OpenBSD to remote clients and we wanted an inexpensive
 but very high reliability system with the flexibility to change
 configurations (switch in/out different VMs) and add/modify services
 remotely on-the-fly.  For example we could upgrade a client from
 4.A4 to 4.5 along with all the custom apps and client data packaged
 in a VM.  We would grab the old 4.4 VM bring it back to our lab, then
 upgrade and re-configure it the way we wanted to and drop it back on
 the ESXi.  Then just change the network configs and switch the old for
 the new all remotely without ever visiting the client

 Thanks again all.

 If you want to stick with the Soekris you might want to consider
 basing your solution on flashboot,
 http://lists.mindrot.org/pipermail/flashboot/2009-May/000223.html .

 Using a CF with multiple partitions would allow you to upgrade
 remotely the flashboot kernel.  Of course this would take some work
 to fine tune the upgrade procedure to minimize failure mechanisms.

with flashboot, it's reasonably ok on a single partition too,
just point boot.conf at the right one after downloading. failure
recovery would usually involve a serial port, resetting, and typing
at the boot prompt, but if it's not too disastrous a failure you
might get away with setting the bios to turn the reset button over
to software control and having some daemon check the gpio pin and,
when the button's detected, revert to a previous boot.conf.

OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501 appliance 
and I was wondering if anyone has already tried successfully running ESXi on 
the Soekris Net5501 before I order the hardware? 

Any advice or comments is appreciated.  

Thanks in advance

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Jim Razmus]

* Obiozor Okeke obiozorok...@yahoo.com [090520 19:40]:
 Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501 
 appliance and I was wondering if anyone has already tried successfully 
 running ESXi on the Soekris Net5501 before I order the hardware? 
 
 Any advice or comments is appreciated.  
 
 Thanks in advance
 

So in other words, you plan to run OpenBSD on top of ESXi.  Moreover,
you plan to run ESXi on a Soekris.  This doesn't smell like a recipe for
success.  It may be possible, but the light weight nature of a Soekris
would preclude ESXi and anything as a VM in my opinion.  I don't know if
you can even boot/run ESXi on a Soekris.

Better to just to install OpenBSD natively on the Soekris and skip
VMWare altogether.

HTH,
Jim

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

This is doomed to failure, mostly because I am *almost* certain that
you'll never get ESXi to install on a Soekris. My understanding is
that it has a strict HCL, very similar if not identical to the HCL for
ESX, that practically necessitates IBM, Sun, HP or Dell hardware.

Skip the virtualisation cruft and install natively.

kmw

On 20/05/2009, Obiozor Okeke obiozorok...@yahoo.com wrote:
 Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501
 appliance and I was wondering if anyone has already tried successfully
 running ESXi on the Soekris Net5501 before I order the hardware?

 Any advice or comments is appreciated.

 Thanks in advance



--
Sent from my mobile device

To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry,  the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Stuart Henderson]

On 2009-05-20, Obiozor Okeke obiozorok...@yahoo.com wrote:
 Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501 
 appliance and I was wondering if anyone has already tried successfully 
 running ESXi on the Soekris Net5501 before I order the hardware? 

 Any advice or comments is appreciated.  

It's slow enough on a dual core xeon with VT enabled and sufficient ram.
Even if this did work on a Geode (highly unlikely since the latest version
doesn't even work on some HP ML servers properly) it would be so horribly
painful you wouldn't want to do it anyway.

What problem are you trying to solve?

Re: OpenBSD ESXi VMware image on Soekris Net5501

[David Talkington]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


This is way OT for this list, but:

Kevin Wilcox wrote:


My understanding is that it has a strict HCL,


Yes it does.


that practically necessitates IBM, Sun, HP or Dell hardware.


No it doesn't.


Skip the virtualisation cruft and install natively.


That isn't a helpful or enlightened answer (not that one should expect 
help with this topic here).


O.P., you should start here for detailed ESXi hardware support info:

http://www.vm-help.com/

Cheers -d

- --
David Talkington
dt...@flyingjoke.org
- --
PGP key: http://www.flyingjoke.org/keys/801E3976.asc
(What's this? http://en.wikipedia.org/wiki/Digital_signature)
iQEcBAEBAgAGBQJKFKpkAAoJEO7jL1CAHjl2+YgH/jwqmzLTgAGD1wDkxBPbJGZC
qOQkT2lYoyy0obJ66777wfh/BRcZt88jIpnBVxPfprfnE3h4HUVw/0pP4xtriWcK
nOQp+dWQeuhGYmV9QycWXAWvhRIrSwgmB3LagKPPYUQ4eR0aVz8NJ/LzkJpzwRb1
4kdxc4KXYxDG+HdaQ/mhQ4yGeY2AiTs41zs0oEjBQraeBb/FUwdXzKfFmK9brFxd
kOEuKYUW9QAFnpzAmkKcFHM7QOQ8zIhLNIs7K/jTmLPVYycU14eutUUR+Q+SoI9W
YriQmxcZ2PTxHIXA2hjvORM9FZiy0NwyDU8H9NHl2gA34rq1vheuVUnsHRJVH4U=
=eE8z
-END PGP SIGNATURE-

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Wed, 20 May 2009, Obiozor Okeke wrote:


Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501
appliance and I was wondering if anyone has already tried successfully
running ESXi on the Soekris Net5501 before I order the hardware?

Any advice or comments is appreciated.

Thanks in advance


The better question is, What nut are you trying to crack?  Why would
you even consider running a virtualization system on what is
effectively a 486? Okay, a 500MHz 586, but still, it's slow to
start with.

diana

Past hissy-fits are not a predictor of future hissy-fits.
Nick Holland(06 Dec 2005)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

David, I'm currently mobile and unable to track down the HCL for ESX/i
myself - thus my mentioning them to the original poster with what I
could remember off the top of my head about supported machines. If
that was an insufficient response then the OP is more than welcome to
ignore it. On the other hand, the OP could always say, oh, ESXi HCL,
I wonder... and google 'vmware esxi hardware compatibility'.

kmw

On 20/05/2009, David Talkington dt...@flyingjoke.org wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 This is way OT for this list, but:

 Kevin Wilcox wrote:

 My understanding is that it has a strict HCL,

 Yes it does.

 that practically necessitates IBM, Sun, HP or Dell hardware.

 No it doesn't.

 Skip the virtualisation cruft and install natively.

 That isn't a helpful or enlightened answer (not that one should expect
 help with this topic here).

 O.P., you should start here for detailed ESXi hardware support info:

 http://www.vm-help.com/

 Cheers -d

 - --
 David Talkington
 dt...@flyingjoke.org
 - --
 PGP key: http://www.flyingjoke.org/keys/801E3976.asc
 (What's this? http://en.wikipedia.org/wiki/Digital_signature)
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.11 (GNU/Linux)

 iQEcBAEBAgAGBQJKFKpkAAoJEO7jL1CAHjl2+YgH/jwqmzLTgAGD1wDkxBPbJGZC
 qOQkT2lYoyy0obJ66777wfh/BRcZt88jIpnBVxPfprfnE3h4HUVw/0pP4xtriWcK
 nOQp+dWQeuhGYmV9QycWXAWvhRIrSwgmB3LagKPPYUQ4eR0aVz8NJ/LzkJpzwRb1
 4kdxc4KXYxDG+HdaQ/mhQ4yGeY2AiTs41zs0oEjBQraeBb/FUwdXzKfFmK9brFxd
 kOEuKYUW9QAFnpzAmkKcFHM7QOQ8zIhLNIs7K/jTmLPVYycU14eutUUR+Q+SoI9W
 YriQmxcZ2PTxHIXA2hjvORM9FZiy0NwyDU8H9NHl2gA34rq1vheuVUnsHRJVH4U=
 =eE8z
 -END PGP SIGNATURE-


--
Sent from my mobile device

To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry,  the
fruits acquired by it.'