I'm trying to virtualize some old legacy app servers for a client- NT4 boxes. I have used VMWare's Converter for Physical-to-Virtual migrations with great success on Windows 2000 and up, but it just doesn't like the NT machine's network settings- so I decided to try Microsoft's own physical to virtual migration tools and see if the outcome was better.
Short version:
Do not try this; not at home, not at work, not anywhere, not ever.
A few details of the Microsoft P2V "solution"-
First, start with a Windows 2003 Enterprise Server
Install and configure ADS (Automated Deployment Services)
(ADS requires either MS SQL Server or the MS SQL Desktop Engine- MSDE)
(ADS also requires IIS, the web server, to be installed!)
Install MS Virtual Server 2005
Install MS VSMT (Virtual Server Migration Toolkit)
Now you can start to think about configurations...
As an added bonus- MS VSMT only converts "server" OSes, not desktops.
And, VSMT only does live migration- the source server is shut down at the end of the migration and the VM is booted. That is a great testing scenario...
What is wrong with these people?
By comparison, VMWare's free Converter installs on -and converts- NT4 and up server and desktop OSes, can be "pointed at" a machine to convert or run locally on the machine (or even converted cold with a boot CD if you buy the management suite). Tweaking the networks doesn't look so bad anymore.
The security angle, you ask? There are a few obvious ones- such as building a complex system to convert the machines and then hosting them on the same complicated (and bloated) box, going live and dropping the old machine without testing the VM, and configuration fatigue. Configuration fatigue is when you are so tired of wrestling a system that you give up as soon as it works, telling yourself "I'll secure it later"- of course this thing is already live by that time, and "later" is too late for production system security.
Sorry to sound like an ad for VMWare, but the Microsoft answer is just plain wrong. Besides, you can use Vmware's Player, Server, and Converter for free.
Jack
skip to main |
skip to sidebar
Just another security blog.
About Me
- Jack Daniel
- Storyteller, Information Security Curmudgeon, Security BSides Co-Founder, Community Advocate at Tenable Network Security, Co-host at Security Voices podcast.
Contact- jdaniel/at/voodooelectronics/dot/com