VMware's vmxnet driver is paravirtualized and it does provide better performance than the traditional pcnet32 virtual device driver, which operates 100% on software to maintain compatibility with other OSs.
Regarding paravirtualization, it's already known that the new VMware Workstation 6 (currently in beta) and presumably the next version of VMware Server, will support VMware's version of paravirtualization called VMI, which was officially accepted as part of the stock Linux kernel starting with 2.6.21. This may help boost the performance of Linux-based VMs significantly, and unlike the Xen version, it will boot a single kernel image, regardless of the physical or virtual underlying hardware platform.
TrueCrypt provides plausible deniability using steganography, so if you are forced to reveal the password, you can mount the "outer" filesystem and still have a hidden volume inside of your encrypted image. This is the only open source cross platform software capable of this that I'm aware of.
My wife is a high school Physics and Biology teacher in California. Believe me, I had similar acid opinions to those expressed in this thread, until I got to see the reality from the other side.
These teachers really work their ass off. I used to think they were all cozy working from 8 AM to 3:15 PM, but that's just the visible portion. Tutoring after school and during lunch time, parent conferences on evenings and weekends, and virtually endless papers to correct. No time to go to the bathroom (no kidding).
They have virtually no resources and many times we end up spending lots of money from our own pocket to get the right materials for the labs. All while the administrators make tons of money, BTW.
But what really doesn't fit in my head is the student population. It doesn't matter how "fun" you make the classes, they just don't care. There is no interest in science and math. As a computer engineer, I can't understand people who wouldn't be moved by the beauty of math and the sciences, but it's freaking everywhere. And I'm talking about Silicon Valley...
Parents are so busy, working 2-3 jobs, that they simply don't have control over their own kids, and kids know it and abuse it. Of course, when things don't work out, they blame the teacher.
If you gather a relatively manageable group of people (up to 10) in a room with a projector, and you work through the meeting with a clear agenda and take visual notes using Mind Mapping software (http://www.mindjet.com/), I've personally experienced a tremendous gain in productivity, as people tend to collaborate better when they have a visual representation.
Actually, what you describe seems to be gaining a lot of popularity lately. CIOs already got the picture that managing PC endpoints is a nightmare, so I guess it makes sense to put them back in the datacenter, either by using physical PC Blades (still expensive), or a shared solution (such as Citrix or X-based desktop sessions).
The latest move, and the one I really like, is using virtual machines hosted in the datacenter. In that way, you can have a single VMware ESX server for example with let's say 40-60 desktop VMs running, each one of them with their own single-session ICA or RDP connection (for Windows) or X, NX, Go-Global, VNC, or whatever else you want to use, traditionally using a front-end connection broker (Citrix, Propero, Wyse, etc).
This approach is called VDI or Virtual Desktop Initiative, and it can leverage Wyse terminals, LTSP, Sun Rays, old PCs, you name it. The point is that the VM is yours. You can do whatever you want with it and that can't affect other users like a shared session would. You don't need to deal with application-level conflicts either, as each VM is completely independent from each other.
I've seen this solution installed in several large organizations with off-shore development teams, where the VMs are hosted in the US while the remote users just establish sessions against it.
Disclaimer: I work for VMware.
I have lots of customers who had this same concern about Windows NT. Virtually everybody had that beige box in the dark corner of the datacenter with a sign on top saying "don't touch" running some critical app in Windows NT, where registry modifications and tweaks go back years and couldn't be replicated. Newer hardware wouldn't support NT so they kept it running.
The ideal solution is a VM. At least if you use VMware ESX, the virtual hardware exposed by the VMM (virtual machine monitor) is always constant regardless of the physical hardware, and the virtual I/O devices are rather old, so any old OS would support it. In fact, in most cases this solution runs faster than the old beige box regardless of the virtualization tax due to the speed of the new processors.
You can keep a system running for years and years with this method, even back up the full VM as a file.
Disclaimer: I work for VMware, but I see this all the time with actual customers.
Other than a Knoppix CD, I carry around 9 DVDs with compressed VMware disk images, with about 36 or 37 different OSs and applications fully configured and ready to run. I also carry a disk with the free VMware Player and VMware Server for both Linux and Windows.
I can literally set up a demo environment for almost anything in 30-60 minutes.
Last week I attended the last VMworld 2006 conference in LA, where one of the big themes was Virtual Appliances, or basically customized, highly specialized virtual machines where the focus is on the application and no longer the OS. Linux wins hands down in this new approach for software development and distribution. The main reasons are the licensing flexibility and the easy adaptability of the code to a virtualized environment. The keynote by VMware's Chief Scientist and co-founder, Stanford Professor Mendel Rosenblum, showed a future with highly customized OSs, designed to support a single application running on top of a virtualized environment. In fact, I attended a lecture from a researcher from BEA for their JRockit project where they are running a JVM directly on top of a hypervisor with their own custom OS called Bare Metal. Really interesting concept.
There were multiple new vendors showing their stuff in their booths, and you can clearly see Linux dominating this new market, with large players like Oracle already distributing 10g as a vmdk file, or companies like rPath, that create a tiny micro-Linux distribution tailored to a specific application. New players like Zimbra are already moving to this model.
Linux is appearing as the distribution of choice for this new model, with Microsoft way behind due to their ridiculous restrictions in the re-distribution of Windows, cutting themselves out of this new market.
Some applications will really benefit from this. Virtualization is one of them. I run as many VMware Virtual Machines as I can on my system for all kinds of testing, and I've noticed that their products scale really well the more CPUs or cores you have, even the free VMware Server.
Using fast memory, fast I/O cards and disks and XFS as a filesystem, the number of VMs per physical box will increase substantially with these new processors.
What's proven to be a very successful solution for me is the use of VMware virtual machines encapsulated as files inside a TrueCrypt volume. The volume is on top of an XFS partition with realtime extension, so you have contiguous extents and the I/O performance is as close to native as you can get. At the same time, I keep the benefits of having a VM, so I can boot it anywhere and I can move/copy the file. I lose the capability of doing good rsync incremental backups because of the changing nature of the encrypted file, but I run a full file backup twice a week, which gives me acceptable levels of functionality/performance.
Since I started doing that on my Thinkpad T41p, I noticed a 6% increase in my I/O overhead and an 11% on my CPU overhead. If you consider those numbers on a 1.7 GHz laptop, they become virtually irrelevant in a larger configuration with faster disks and CPUs.
I'm originally from Chile, where voting is 1) a manual process, 2) mandatory, and 3) it is conducted either on a Sunday or a weekday declared a holiday, so *everybody* gets to vote, no excuses.
Since I moved to the US 6 years ago, I've become very interested in the political system here, but I've also come to appreciate the "simple things" I had back in Chile, like a totally resilient voting process. Here is a brief description:
Everybody has a voter's id with the place where you need to go vote. Randomly in each election, 5 citizens are chosen per each voting table. If they don't show up, they can get hefty fines.
The vote is done with pen and paper, and sealed with a special government-issued stamp. The boxes where the votes go are transparent. At 5 PM, the voting table closes, and the votes are all opened, counted verbally and aloud, and inspected by each individual member of the table. Any discrepancy is resolved by simple majority. The process is completely open and transparent, and can be observed by anyone. The results per table are uploaded via a computer system or telephone, also in the presence of all members and the public.
My position is simple: until we have an electronic system that can provide the same reliability and transparency as the manual system, let's use the manual ones...
Virtualization should not be, but it is, one of the biggest threats against Microsoft dominance, mainly because it relegates the OS to an application workload manager, where the app becomes the most important aspect and the OS is just the wrap for the app.
What they are doing now with their disk format is yet another "me too" strategy regarding Virtualization. VMware already released its VMDK disk format specification to the open as well as several other open standards (http://www.vmware.com/interfaces/faqs.html/) so anybody that wants to use it, can do it at no cost already. VMware already released its VMware Server product for free (as in beer), so Microsoft was forced to do the same with their VirtualPC stuff.
What's next? Virtual Appliances (http://www.vmware.com/appliances/), and with them, the rise of Linux in the Enterprise beyond the traditional mid to low tier level.
Of course they'll do whatever they can to combat that.
Disclaimer: I work for VMware.
Well, it really depends a lot on what you are doing.
Lots of folks have their own small server running at home 24x7 already anyway, so why not just add this as one more service layer running on a VM with its own dedicated NIC to protect your network? It behaves just like a separate machine for all practical purposes.
You don't even need a preinstalled VM image for this. It's easier to create your own VM with NO virtual hard drive, boot it from the ISO file and store the configuration on a virtual floppy image. I've done it with Monowall for years and it works like a charm.
With this config you can tweak the amount of real memory you allocate to the VM based on your real utilization patterns (i.e., not everybody will run the Snort module).
Disclaimer: I work for VMware.
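One way to check that a firewall VM follows the layout described in the comment above (no virtual hard disk, boot from an ISO, configuration on a floppy image, its own NIC), as an added example that is not part of the original comment. The .vmx text is constructed sample input with hypothetical file names, and treating a bridged or custom-VMnet connection as the "dedicated NIC" is an assumption.

```python
import re

# Constructed sample .vmx for a diskless firewall VM; all file names are hypothetical.
SAMPLE_VMX = """\
config.version = "8"
virtualHW.version = "4"
displayName = "fw-appliance"
memsize = "64"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "firewall.iso"
floppy0.present = "TRUE"
floppy0.fileType = "file"
floppy0.fileName = "fw-config.flp"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
"""

# key = "value" lines; comment lines starting with '#' are skipped.
LINE_RE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')
# Storage slots (ide0:0, scsi0:1, ...), floppies and NICs; bare controllers
# such as scsi0.present do not match because they carry no ":unit" part.
DEVICE_RE = re.compile(r'^((?:ide|scsi|sata)\d+:\d+|floppy\d+|ethernet\d+)\.(.+)$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def present_devices(settings):
    """Group settings per device and keep only devices marked present."""
    devices = {}
    for key, value in settings.items():
        match = DEVICE_RE.match(key)
        if match:
            devices.setdefault(match.group(1), {})[match.group(2)] = value
    return {name: props for name, props in devices.items()
            if props.get("present", "").upper() == "TRUE"}


def audit_diskless_firewall(vmx_text):
    """Return a list of findings; an empty list means the layout matches."""
    devices = present_devices(parse_vmx(vmx_text))
    findings = []
    iso_boot = floppy_image = dedicated_nic = False
    for name, props in sorted(devices.items()):
        if name.startswith("floppy"):
            if props.get("filetype", "").lower() == "file":
                floppy_image = True
            else:
                findings.append(f"{name}: not backed by an image file")
        elif name.startswith("ethernet"):
            # Assumption: bridged/custom stands in for "its own dedicated NIC".
            if props.get("connectiontype", "").lower() in ("bridged", "custom"):
                dedicated_nic = True
        else:
            device_type = props.get("devicetype", "").lower()
            if device_type == "cdrom-image":
                iso_boot = True
            elif "cdrom" in device_type:
                findings.append(f"{name}: CD-ROM maps to a host drive, not an ISO file")
            else:
                disk_file = props.get("filename", "?")
                findings.append(f"{name}: virtual hard disk attached ({disk_file})")
    if not iso_boot:
        findings.append("no ISO-backed CD-ROM to boot from")
    if not floppy_image:
        findings.append("no floppy image to hold the configuration")
    if not dedicated_nic:
        findings.append("no bridged or custom-VMnet NIC")
    return findings


if __name__ == "__main__":
    for finding in audit_diskless_firewall(SAMPLE_VMX) or ["layout matches"]:
        print(finding)
```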
Actually, I have an 8 GB microdrive-based USB disk, and I carry a VMware Virtual Machine, encrypted with TrueCrypt and a copy of the free VMware Player for Windows and for Linux plus the TrueCrypt utilities. I can literally carry everything I need to work right in my pocket.
This is very bogus. How about a popular blog site? Would that be blocked also? How about linkedin.com that I use a lot to keep contact with old colleagues? How about Wikipedia and other wiki sites? Can somehow that fall also in the "social" category because multiple people contribute to the same content? This kind of sh*t makes me want to move to Canada. Really.
Yesterday I finished a mandatory Target Account Selling course using the TAS methodology (http://www.thetasgroup.com/tas/). You know, one of those things that as an Engineer you say it's just crap, but you have to attend anyway because you're a pre-sales guy... But now, reading TFA, I realized that this is just a shift in their selling strategy against Open Source from what the course called Frontal/Solution/Reputation to Fragment/Peaceful Coexistence.
The original strategy focuses on crashing the competition by promoting either your total superiority and/or your market reputation. The second one still focuses on crashing the competition, but it is much more subtle, promoting the idea that you can "work with them", that "we don't really compete", and that "we work well together", just to lower some barriers with the target customer, effectively fragmenting your competition and looking like a "nice guy" with the customer.
Very well thought out. Don't necessarily believe it...
Yes, with VMware Server you can create VMs using the Virtual Hardware v4 format, totally compatible with Player, Workstation and ESX 3. You also get experimental support for Virtual SMP for up to 2 CPUs. It's the real deal.
Virtualization overhead is not deterministic due to the nature of the code execution algorithm on the x86 CPUs. From the VMware perspective (which is what I know), you have two kinds of virtualization mechanisms: 1) Hosted on top of Linux or Windows, and 2) Bare metal, on top of a thin hypervisor like ESX.
In the hosted world, the host OS is providing memory management and scheduling, as well as access to its device drivers. In the bare metal architecture, the hypervisor itself provides those functions, making it way more efficient. Recently, a customer was telling me he was running 6 VMs using GSX (now VMware Server) on a 2-way dual-core Opteron box. He installed ESX and he was then running 20 VMs on the same machine. That gives you an idea of the difference on these two approaches from the performance perspective.
The other reason why your performance may vary, is because you have CPU, memory and I/O overhead also. In the CPU realm, the vmkernel is running on ring 0, and the guest OS is relegated to ring 1 in the x86 CPU. The problem is that not all assembly instructions can be executed successfully in ring 1, so VMware's Binary Translator module will actually detect those patterns of "dirty" assembly instructions and will insert traps so every time you hit one of those, it gets executed by the vmkernel on behalf of that VM. So, the more traps you need to do, the more CPU overhead you get.
Additionally to the CPU overhead, you have memory mapping overhead (i.e. no real DMA), I/O subsystem overhead, etc.
Numbers can vary a lot. In general, large companies consider an average of 15% of virtualization tax, which is realistic when you want to run a large number of VMs in multiple systems. In any case, the best approach is to always test your workload before you put it in a sensitive environment.
[Disclaimer: I work for VMware]
The recently released VMware Virtual Infrastructure 3 (which is basically ESX 3.0 + VirtualCenter 2.0 + some add-ons) can do this using a technique called Distributed Resource Scheduling (DRS). This is basically a global scheduler running on your VirtualCenter server that works in coordination with the local schedulers in each ESX server part of the same ESX cluster.
When you hit a user-defined threshold for either memory or CPU on a VM, then DRS will trigger a VMotion of that particular VM to another ESX in the cluster without user intervention, effectively running the VM where it can run the best, based on the SLA you defined when you created it.
The cool thing about this is that you can now have a predictable cluster utilization level, regardless of where the VMs are running.
[Disclaimer: I work for VMware]
I use a read-only VMware Virtual Machine running on VM Player for all browsing and IM activities. It doesn't get more secure than that.
You are partially right. However, the suspension mechanism is external to the VM, which is totally unaware of this. When you resume, it *will* continue executing code the same way it was doing it before. This means that all microcode adaptation will *still* be there.
Remember, in the VMware architecture, all hardware exposed to the VM is just a software construct, with the exception of the CPU. The Guest OS can actually see the *real* CPU, and it takes it into consideration when you boot it...
Believe me, I know this from my own experience...
I would not recommend to start the VM from a fully suspended state. From the Guest OS perspective, the VM may have been booted having let's say a Pentium M processor, adapting the code to run on that processor in particular at boot time. Later, you suspend it, and restart it again on an AMD64-based PC, with completely different architecture. Unless the kernel code is specifically running totally healthy i386 code, this may lead to a panic or blue screen.
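A pre-resume check for the situation described in the comment above, as an added example that is not part of the original comment: it compares the CPU of the host where the VM was booted with the CPU of the host it is about to be resumed on. Both /proc/cpuinfo excerpts are constructed and shortened, and the function names are hypothetical.

```python
# Constructed, shortened /proc/cpuinfo excerpts (one logical CPU each).
BOOT_HOST = """\
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model       : 13
model name  : Intel(R) Pentium(R) M processor 1.70GHz
flags       : fpu vme de pse tsc msr mce cx8 sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 tm pbe est tm2
"""

RESUME_HOST = """\
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 15
model       : 35
model name  : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
flags       : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm 3dnowext 3dnow pni lahf_lm cmp_legacy
"""


def parse_cpuinfo(text):
    """Return one dict per logical CPU from /proc/cpuinfo-style text."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # blank line separates logical CPUs
            if current:
                cpus.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    if not cpus:
        raise ValueError("no CPU entries found")
    return cpus


def cpu_profile(text):
    """Vendor, family, model and the flags common to every logical CPU."""
    cpus = parse_cpuinfo(text)
    flags = set(cpus[0].get("flags", "").split())
    for cpu in cpus[1:]:
        flags &= set(cpu.get("flags", "").split())
    first = cpus[0]
    return {
        "vendor": first.get("vendor_id", "?"),
        "family": first.get("cpu family", "?"),
        "model": first.get("model", "?"),
        "flags": flags,
    }


def missing_features(boot_text, target_text):
    """Flags the guest saw at boot that the target host does not offer."""
    return sorted(cpu_profile(boot_text)["flags"] - cpu_profile(target_text)["flags"])


def resume_risks(boot_text, target_text):
    """List the reasons a suspended guest may misbehave on the target host."""
    boot, target = cpu_profile(boot_text), cpu_profile(target_text)
    risks = []
    if boot["vendor"] != target["vendor"]:
        risks.append(f"vendor changed: {boot['vendor']} -> {target['vendor']}")
    if (boot["family"], boot["model"]) != (target["family"], target["model"]):
        risks.append(
            f"family/model changed: {boot['family']}/{boot['model']} -> "
            f"{target['family']}/{target['model']}"
        )
    missing = missing_features(boot_text, target_text)
    if missing:
        risks.append("features seen at boot are missing: " + " ".join(missing))
    return risks


def safe_to_resume(boot_text, target_text):
    """True only when the target CPU matches and offers every boot-time flag."""
    return not resume_risks(boot_text, target_text)


if __name__ == "__main__":
    for risk in resume_risks(BOOT_HOST, RESUME_HOST) or ["no differences found"]:
        print(risk)
```

A non-empty result means the guest should be shut down and cold-booted on the new host instead of resumed.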
You see? The Jedi are taking over!!!
Can you see it? It would be such a better story if they would do an actual sequel to Return of the Jedi. They can have Mark Hamill and all/most of the original cast, 30 years later. People would love it.
Imagine Luke trying to re-create the Jedi being the last one alive. Imagine the struggles of the new Republic after the Empire with Leia as the Chancellor. Imagine a hidden Sith trying to regain control.
Prequels are not a bad idea, but we all know the ending. Sequels are the future, always in movement...