Archive for the ‘Quick Take’ Category

h1

Quick Take: VMware ESXi 5.0, Patch ESXi50-Update01

March 16, 2012

VMware releases ESXi 5.0 Complete Update 1 for vSphere 5. An important change for this release is the inclusion of general and security-only image profiles:

Starting with ESXi 5.0 Update 1, VMware patch and update releases contain general and security-only image profiles. Security-only image profiles are applicable to new security fixes only. No new bug fixes are included, but bug fixes from earlier patch/update releases are included.

The general release image profile supersedes the security-only profile. Application of the general release image profile applies to new security and bug fixes.

The security-only image profiles are identified with the additional “s” identifier in the image profile name.

Just a few of the more interesting bugs fixed in this release:

PR 712342: Cannot assign VMware vSphere Hypervisor license key to an ESXi host with pRAM greater than 32GB

PR 719895: Unable to add a USB device to a virtual machine (KB 1039359).

PR 721191: Modifying snapshots using the commands vim-cmd vmsvc/snapshot.remove or vim-cmd vmsvc/snapshot.revert
will fail when applied against certain snapshot tree structures.

This issue is resolved in this release. Now a unique identifier, snapshotId, is created for every snapshot associated to a virtual machine. You can get the snapshotId by running the command vim-cmd vmsvc/snapshot.get <vmid>. You can use the following new syntax when working with the same commands:

Revert to snapshot: vim-cmd vmsvc/snapshot.revert <vmid> <snapshotId> [suppressPowerOff/suppressPowerOn]
Remove a snapshot: vim-cmd vmsvc/snapshot.remove <vmid> <snapshotId>

PR 724376: Data corruption might occur if you copy large amounts of data (more than 1GB) from a 64-bit Windows virtual machine to a USB storage device.

PR 725429: Applying a host profile to an in-compliance host causes non-compliance (KB 2003472).

PR 728257: On a pair of HA storage controllers configured for redundancy, if you take over one controller, the datastores that reside on LUNs on the taken over controller might show inactive and remain inactive until you perform a rescan manually.

PR 734366: Purple diagnostic screen with vShield or third-party vSphere integrated firewall products (KB 2004893)

PR 734707: Virtual machines on a vNetwork Distributed Switch (vDS) configured with VLANs might lose network connectivity upon boot if you configure Private VLANs on the vDS. However, disconnecting and reconnecting the uplink solves the problem.This issue has been observed on be2net NICs and ixgbe vNICs.

PR 742242: XCOPY commands that VAAI sends to the source storage device might fail. By default, XCOPY commands should be sent to the destination storage device in accordance with VAAI specification.

PR 750460: Adding and removing a physical NIC might cause an ESXi host to fail with a purple screen. The purple diagnostic screen displays an error message similar to the following:

NDiscVlanCheck (data=0x2d16, timestamp=<value optimized out>) at bora/vmkernel/public/list.h:386

PR 751803: When disks larger than 256GB are protected using vSphere Replication (VR), any operation that causes an internal restart of the virtual disk device causes the disk to complete a full sync. Internal restarts are caused by a number of conditions including any time:

  • A virtual machine is restarted
  • A virtual machine is vMotioned
  • A virtual machine is reconfigured
  • A snapshot is taken of the virtual machine
  • Replication is paused and resumed

PR 754047: When you upgrade VMware Tools the upgrade might fail because, some Linux distributions periodically delete old files and folders in /tmp. VMware Tools upgrade requires this directory in /tmp for auto upgrades.

PR 766179: ESXi host installed on a server with more than 8 NUMA nodes fails and displays a purple screen.

PR 769677: If you perform a VMotion operation to an ESXi host on which the boot-time option “pageSharing” is disabled, the ESXi host might fail with a purple screen.

Disabling pageSharing severely affects performance of the ESXi host. Because pageSharing should never be disabled, starting with this release, the “pageSharing” configuration option is removed.

PR 773187: On an ESXi host, if you configure the Network I/O Control (NetIOC) to set the Host Limit for Virtual Machine Traffic to a value higher than 2000Mbps, the bandwidth limit is not enforced.

PR 773769: An ESXi host halts and displays a purple diagnostic screen when using Network I/O Control with a Network Adapter that does not support VLAN Offload (KB 2011474).

PR 788962: When an ESXi host encounters a corrupt VMFS volume, VMFS driver might leak memory causing VMFS heap exhaustion. This stops all VMFS operations causing orphaned virtual machines and missing datastores. vMotion operations might not work and attempts to start new virtual machines might fail with errors about missing files and memory exhaustion. This issue might affect all ESXi hosts that share the corrupt LUN and have running virtual machines on that LUN.

PR 789483: After you upgrade to ESXi 5.0 from ESXi 4.x, Windows 2000 Terminal Servers might perform poorly. The consoles of these virtual machines might stop responding and their CPU usage show a constant 100%.

PR 789789: ESXi host might fail with a purple screen when a virtual machine connected to VMXNET 2 vNIC is powered on. The purple diagnostic screen displays an error message similar to the following:

0x412261b07ef8:[0x41803b730cf4]Vmxnet2VMKDevTxCoalesceTimeout@vmkernel#nover+0x2b stack: 0x412261b0
0x412261b07f48:[0x41803b76669f]Net_HaltCheck@vmkernel#nover+0xf6 stack: 0x412261b07f98

You might also observe an error message similar to the following written to VMkernel.log:

WARNING: Vmxnet2: 5720: failed to enable port 0x2000069 on vSwitch1: Limit exceeded^[[0m

SOLORI’s Take: Lions, tigers and bears – oh my! In all, I count seven (7) unique PSD bugs (listed in the full KB) along with some rather head-scratching gotchas.  Lots of reasons to keep your vSphere hosts current in this release to be sure… Use Update Manager or start your update journey here…

h1

VMware vCenter5: Revenge of Y2K, aka Worst Host Import Fail Ever!

January 6, 2012

I was recently involved in a process of migrating from vSphere 4 to vSphere 5 for an enterprise client leapfrogging from vSphere 4.0 to vSphere 5.0. Their platform is and AMD service farm with modern, socket G34 CPU blades and 10G Ethernet connectivity – all moving parts on VMware’s Hardware Compatibility List for all versions of vSphere involved in the process.

Supermicro AS-2022TG Platform Compatibility

Intel 10G Ethernet, i82599EB Chipset based NIC

Although VMware lists the 2022TG-HIBQRF as ESXi 5.0 compatible and not the 2022TG-HTRF, it is necessary to note the only difference between the two is the presence of a Mellanox ConnectX-2 QDR infiniband controller on-board: the motherboards and BIOS are exactly the same, the Mellanox SMT components are just mission on the HTRF version.

It is key to note that VMware also distinguishes the ESXi compatible platform by supported BIOS version 2.0a (Supermicro’s current version) versus 1.0b for the HTRF version. The current version is also required for AMD Opteron 6200 series CPUs which is not a factor in this current upgrade process (i.e. only 6100-series CPUs are in use). For this client, the hardware support level of the current BIOS (1.0c) was sufficient.

Safe Assumptions

So is it safe to assume that a BIOS update is not necessary when migrating to a newer version of vSphere? In the past, it’s been feature driven. For instance, proper use new hardware features like Intel EPT, AMD RVI or VMDirectPath (pci pass-through) have required BIOS updates in the past. All of these features were supported by the “legacy” version of vSphere and existing BIOS – so sounds safe to assume a direct import into vCenter 5 will work and then we can let vCenter manage the ESXi update, right?

Well, not entirely: when importing the host to vCenter5 the process gets all the way through inventory import and the fails abruptly with a terse message “A general system error occurred: internal error.” Looking at the error details in vCenter5 is of no real help.

Import of ESXi 4 host fails in vCenter5 for unknow reason.

A search of the term in VMware Communities is of no help either (returns non-relevant issues). However, digging down to the vCenter5 VPXD log (typically found in the hidden directory structure “C:\ProgramData\VMware\VMware VirtualCenter\Logs\”) does return a nugget that is both helpful and obscure.

Reviewing the vCenter VPXD log for evidence of the import problem.

If you’ve read through these logs before, you’ll note that the SSL certificate check has been disabled. This was defeated in vCenter Server Settings to rule-out potentially stale SSL certificates on the “legacy” ESXi nodes – it was not helpful in mitigating the error. The section highlighted was, however, helpful in uncovering a relevant VMware Knowledgebase article – the key language, “Alert:false@ D:/build/ob/bora-455964/bora/vim/lib/vdb/vdb.cpp:3253″ turns up only one KB article – and it’s a winner.

Knowledge Base article search for cryptic VPXD error code.

It is important – if not helpful – to note that searching KB for “import fail internal error” does return nine different (and unrelated) articles, but it does NOT return this KB (we’ve made a request to VMware to make this KB easier to find in a simpler search). VMware’s KB2008366 illuminates the real reason why the host import fails: non-Y2K compliant BIOS date is rejected as NULL data by vCenter5.

Y2K Date Requirement, Really?

Yes, the spectre of Y2K strikes 12 years later and stands as the sole roadblock to importing your perfectly functioning ESXi 4 host into vCenter5. According the the KB article, you can tell if you’re on the hook for a BIOS update by checking the “Hardware/Processors” information pane in the “Host Configuration” tab inside vCenter4.

ESXi 4.x host BIOS version/date exposed in vCenter4

According to vCenter date policy, this platform was minted in 1910. The KB makes it clear that any two-digit year will be imported as 19XX, where XX is the two digit year. Seeing as how not even a precursor of ESX existed in 1999, this choice is just dead stupid. Even so, the x86 PC wasn’t even invented until 1978, so a simple “date check” inequality (i.e. if “two_digit_date” < 78 then “four_digit_date” = 2000 + “two_digit_date”) would have resolved the problem for the next 65 years.

Instead, VMware will have you go through the process of upgrading and testing a new (and, as 6200 Opterons are just now available to the upgrade market, a likely unnecessary) BIOS version on your otherwise “trusty” platform.

Non-Y2K compliant BIOS date

Y2K-compliant BIOS date, post upgrade

Just to add insult to injury with this upgrade process, the BIOS upgrade for this platform comes with an added frustration: the IPMI/BMC firmware must also be updated to accommodate the new hardware monitoring capabilities of the new BIOS. Without the BMC update, vCenter will complain of Northbridge chipset overheat warnings from the platform until the BMC firmware is updated.

So, after the BIOS update, BMC update and painstaking hours (to days) of “new” product testing, we arrive at the following benefit: vCenter gets the BIOS version date correctly.

vCenter5 only wants Y2K compliant BIOS release dates for imported hosts

Bar Unnecessarily High

VMware actually says, “if the BIOS release date of the host is in the MM/DD/YY format, contact the hardware vendor to obtain the current MM/DD/YYYY format.” Really? So my platform is not vCenter5 worthy unless the BIOS date is four-digit year formatted? Put another way, VMware’s coders can create the premier cloud platform but they can’t handle a simple Y2K date inequality. #FAIL

Forget “the vRAM tax”, this obstacle is just dead stupid and unnecessary; and it will stand in the way of many more vSphere 5 upgrades. Relying on a BIOS update for a platform that was previously supported (remember 1.0b BIOS above?) just to account for the BIOS date is arbitrary at best, and it does not pose a compelling argument to your vendor’s support wing when dealing with an otherwise flawless BIOS.

SOLORI’s Take:

We’ve submitted a vCenter feature request to remove this exclusion for hundreds of vSphere 4.x hosts, maybe you should too…

h1

Quick-Take: VMworld 2011, Thoughts on the Airplane

August 28, 2011

On the way to VMworld this morning this morning I started-out by listening to @Scott_lowe, @mike_laverick and @duncanyp about stretched clusters and some esoteric storage considerations. Then i was off reading @sakacc blogging about his take on stretch clusters and the black hole of node failure when I stumbled on a retweet @bgracely via @andreliebovici about the spectre of change in our industry. Suddenly these things seemed very well related within the context of my destination: VMworld 2011.

Back about a month ago when vSphere 5 was announced the buzz about the “upgrade” was consumed by discussions about licensing and vRAM. Naturally, this was not the focus VMware was hoping for, especially considering how much of a step forward vSphere 5 is over VS4. Rather, VMware – by all deserved rights – wanted to hear “excited” conversations about how VS5 was closing the gap on vCloud architecture problems and pain-points.

Personally, I managed to keep the vRAM licensing issue out of SOLORI’s blog for two reasons: 1) the initial vRAM targets were so off that VMware had to make a change, and 2) significant avenues for the discussion were available elsewhere. That does not mean I wasn’t outspoken about my thoughts on vRAM – made obvious by contributions to some community discussions on the topic – or VMware’s reasoning for moving to vRAM. Suffice to say VMware did “the right thing” – as I had confidence they would – and the current vRAM targets capture 100% of my clients without additional licenses.

I hinted that VS5 answers a lot of the hanging questions from VS4 in terms of facilitating how cloud confederations are architected, but the question is: in the distraction, did VS5’s “goodness” get lost in the scuffle? If so, can they get back the mind share they may have lost to Chicken Little reactionaries?

First, if VMware’s lost ground to anyone, it’s VMware. The vast majority of cool-headed admins I talked to were either not affected by vRAM or were willing to take a wait-and-see outlook on vSphere 5 with continued use of vSphere 4.1. Some did evaluate Hyper-V’s “readiness” but most didn’t blink. By comparison, vSphere 4.1 still had more to offer private cloud than anything else.

Secondly, vSphere 5 “goodness” did get lost in the scuffle, and that’s okay! It may be somewhat counter intuitive but I believe VMware will actually come out well ahead of their “would be” position in the market, and it is precisely because of these things, not just in spite of them. Here’s my reasoning:

1) In the way the vSphere 5 launch announcement and vRAM licensing debacle unfolded, lot of the “hot air” about vRAM was vented along the way. Subsequently, VMware gained some service cred by actually listening to their client base and making a significant change to their platform pricing model. VMware got more bang-for-their-buck out of that move as the effect on stock price may never be known here, given the timing of the S&P ratings splash, but I would have expected to see a slight hit. Fortunately, 20-30% sector slides trump vRAM, and only Microsoft is talking about vRAM now (that is until they adopt something similar.)

On that topic, anytime you can get your competitor talking about your product instead of theirs, it usually turns out to be a good thing. Even in this case, where the topic has nothing to do with the needs of most businesses, negative marketing against vRAM will ultimately do more to establish VMware as an innovator than an “already too expensive alternative to XYZ.”

2) SOLORI’s law of conservation of marketing momentum: goodness preserved, not destroyed. VMworld 2011 turns out to be perfectly timed to generate excitement in all of the “goodness” that vSphere 5 has to offer. More importantly, it can now do so with increased vigor and without a lot of energy siphoned-off discussing vRAM, utilization models and what have you: been there done that, on to the meat and away with the garnish.

3) Again it’s odd timing, but the market slide has more folks looking at cloud than ever before. Confidence in cloud offerings has been a deterrent for private cloud users, partly because of the “no clear choices” scenario and partly because concerns about data migration in and around the public cloud. Instability and weak growth in the world economy have people reevaluating CAPEX-heavy initiatives as well as priorities. The bar for cloud offerings has never been lower.

In vSphere 5, VMware hints at the ability for more cloud providers to be transparent to the subscriber: if they adopt vSphere. Ultimately, this will facilitate vendor agnosticism much like the early days of the Internet. Back then, operators discovered that common protocols allowed for dial-up vendors to share resources in a reciprocal and transparent manner. This allowed the resources of provider A to be utilized by a subscriber of provider B: the end user was completely unaware of the difference. For those that don’t have strict requirements on where their data “lives” and/or are more interested in adherence to availability and SLA requirements, this can actually induce a broader market instead of a narrower one.

If you’ve looked past vRAM, you may have noticed for yourself that vSphere has more to deliver cloud offerings than ever before. VMware will try to convince you that whether cloud bursting, migrating to cloud or expanding hybrid cloud options, having a common underlying architecture promotes better flexibility and reduces overall cost and complexity. They want you to conclude that vSphere 5 is the basis for that architecture. Many will come away from Las Vegas – having seen it – believing it too.

So, as I – and an estimated 20K+ other virtualization junkies – head off to Las Vegas for a week of geek overload, parties and social networking, my thoughts turn to @duncanyp‘s 140+ improvements, enhancements and advances waiting back home in my vSphere 5 lab. Last week he challenged his “followers” to be the first to post examples of all of them; with the myriad of hands-on labs and expert sessions just over the horizon, I hope to do it one better and actually experience them first hand.

These things all add up to a win-win for VMware and a strong showing for VMworld. It’s going to be an exciting and – tip of the hat to @bgracely - industry changing week! Now off to the fray…

References:

See Mike Laverick’s chinwag podcasts

See Chad’s Sakacc’s VirtualGeek blog on stretched cluster issues to overcome

(excuse typos today, wordpress iPad…)

h1

Quick-Take: vCMA Updated, SSL now Default

March 17, 2011
vCMA Login Screen, iPhone

vCMA Login Screen

In February, we detailed the installation and first use of the VMware vCenter Mobile Access appliance (version 1.0.41). In that write up, we pointed out that vCMA had some security issues and said the following:

Being HTTP-only, vCMA doesn’t lend itself to secure computing over the public Internet or untrusted intranet. Instead, it is designed to work with security layer(s) in front of it. While it IS possible to add HTTPS to the Apache/Tomcat server delivering its web application, vCMA is meant to be deployed as-is and updated as-is – it’s an appliance.

- SOLORI’s blog, 28-Feb-2011

Seems VMware is listening. Yesterday, VMware announced the release and immediate availability of vCMA v1.0.42 with HTTPS/SSL enabled by default. We got this from the “vSphere MicroClient Functional Specification Guide:”

SSL Connections
By default “https” (or SSL certificate) is enabled in the appliance for the vCMA for enhanced security. You can replace the out-of-the-box certificate with your own, if needed. However, http->https redirection is currently not supported.

Other deployment considerations

  1. The vCMA server comes with a default userid/password. For security reasons, we strongly recommended that you change root password.
  2. If you prefer, you can set a hostname or IP address for the appliance.
  3. Using standard Linux utilities, you can change the date and time in the appliance.
  4. You can also upgrade the hardware version and VMware Tools in the vCMA appliance following standard procedures.

SOLORI’s Take: This welcomed change circumvents any additional kludge work necessary to secure the appliance. Using an HTTPS proxy was cumbersome and kludgey in its own right and “hacking” the appliance was tricky and doomed to be reversed by the next appliance update. VMware’s move opens the door for more widespread use vCMA and (hopefully) more interesting applications of its use in the future.

h1

Quick-Take: Buying an iPad2 on Friday

March 10, 2011

New iPad2, launcing in White and Black "on day one"

If you’re chomping at the bit to buy an iPad2 on launch day, the question remains: which one to buy? There seems to be many options and ways to go, but ultimately this will end-up being a personal decision. However, there is an economic and functional rational that you should consider before coughing up nearly $1K on an arguably cool device.

Given the choices of models and network options, this should definitely NOT be an impulse buy, and I hope you look at it in a reasoned – if not somewhat giddy – way. Here are my thoughts for personal acquisition (not for businesses – you guys need to run POC for at least 3-6 months!):

Basically, there are three models: WiFi, WiFi+3G/ATT & WiFi+3G/Verizon, with three flash variants of each – 16GB, 32GB & 64GB – and two color variants of those – black & white. That’s a total of 18 different SKU’s for iPad2. So here’s how the process breaks down to me:

  1. Since WiFi/Bluetooth is the same on all models, choose first between 3G (includes aGPS) or WiFi-only (no aGPS);
    1. Choose carrier between ATT & Verizon (either are month-to-month):
      1. ATT offers two options for iPad2:
        1. $15/month for 250MB/month; with automatic charge of $15/250MB overage;
        2. $25/month for 2GB/month; with automatic charge of $10/1GB overage;
      2. Verizon offers four options for iPad2 WiFi-only + MiFi:
        1. $20/month for 1GB/month; with automatic charge of $20/GB overage;
        2. $35/month for 3GB/month; with automatic charge of $10/GB overage;
        3. $50/month for 5GB/month; with automatic charge of $10/GB overage;
        4. $80/month for 10GB/month; with automatic charge of $10/GB overage;
        5. Note: MiFi device is free only with a 2-year contract.
      3. Verizon offers four plans for iPad2 WiFi+3G:
        1. $20/month for 1GB/month; with automatic charge of $20/GB overage;
        2. $35/month for 3GB/month; with automatic charge of $10/GB overage;
        3. $50/month for 5GB/month; with automatic charge of $10/GB overage;
        4. $80/month for 10GB/month; with automatic charge of $10/GB overage;
    2. Choose memory size; 3G Models will cost according to their memory size regardless of carrier:
      1. $630 for 16GB, black or white;
      2. $730 for 32GB, black or white;
      3. $839 for 64GB, black or white;
    3. Choose color;
      1. Black;
      2. White;
  2. For WiFi-only models, you’ll give-up accurate location (no aGPS) but save money (see MiFi above for mobile access):
    1. Choose memory size; 3G Models will cost according to their memory size regardless of carrier:
      1. $630 for 16GB, black or white;
      2. $730 for 32GB, black or white;
      3. $839 for 64GB, black or white;
    2. Choose color;
      1. Black;
      2. White;
  3. Choose how you want to purchase:
    1. In-store (5PM local time):
    2. On-line (1AM PST):
  4. Enjoy iPad2 nirvana!

SOLORI’s Take: Steve Jobs really wants to see you on-camera and in line. Apple made a point to require retailers to coordinate sale starts at 5PM local time to be able to maximize “free” advertising benefits based on local, mobile news feeds from “high demand queues” at retailers. There’s no discount for purchasing after standing in a retail store line, so why queue-up without compensation just to be part of the iPad2 marketing push? Buy from an on-line retailer (or wait) and avoid the lines.

As for the model and plan, economically the 16GB iPad2 makes the most sense. If you need 3G but have no interest in using your iPad as a navigation unit while you drive, get MiFi and get the benefit of being able to use it with up to 5 other devices (laptop, iPad1, Android tablet, etc.) If you’re replacing your 32GB+ iPad and laptop (good luck) in this purchase, you may go all out, but don’t be surprised when buyer’s remorse sets-in a month or so hence. Then it comes down to 3G variant: ATT has more global reach (see link above), but beware of “data roaming” charges, while Verizon has a bit better $/GB rates (see above).

If you choose to que-up and volunteer for Steve Jobs unpaid marketing army, good luck and stay safe. According to BestBuy’s playbook, you’ll get a “ticket” for the model you want in line. There will only be tickets enough for the actual models they have and they’ll likely only know what that list is one to two hours before 5PM local time. When all tickets are gone, they’ll issue standby tickets for the next day, etc. At BestBuy at least, you’ll need to leave a $100 deposit with your standby ticket and it will be issued in the form of a $100 gift card usable towards your iPad purchase.

[Update: SOLORI’s iPad2 ordered for the lab at 2:53AM CST from ATT on-line – black, 16GB WiFi+3G, 2GB/mo. data plan. Verizon, Walmart, Target all show iPad2 as unavailable on-line and in stores at 5PM.]

[Update: On-line supplies of iPad2 started at 2-3 business day promised delivery and had gone to 2-3 week delivery by 9:30AM PST.]

[Update: 15-Mar-2011 – USPS delivered iPad2 – 2 business days achieved.]

h1

Quick-Take: iPad2 Launched, Features Left on the Drawing Board

March 2, 2011

The iPad2, Available in "Black or White" on March 11, 2011

No doubt that Apple is the 800lb gorilla in the room when it comes to mobile tablets and phones today. With lack-lustre acceptance of the first “official” Android tablet – Motorola’s Xoom – the new aspects of the Apple iPad2, announced today, will surely keep iPad adopters on-board for the next version. Coming March 11, 2011, the new iPad will come in three memory sizes (16, 32 and 64GB) and be available as an WiFi-only variant (802.11a/b/g/n) as well as a Wi-Fi+3G+aGPS variant (UMTS/HSDPA/HSUPA/GSM/EDGE or CDMA/EV-DO Rev. A) – both with Bluetooth 2.1+EDR.

Besides coming in a “white” model from “day one,” the iPad2 sports the anticipated Apple A5 dual-core system on chip based on the ARM Cortex-A9 CPU. The 9.7 inch LED-backlit multi-touch display features the coveted IPS display technology that gave the original iPad such great color. Additionally, the iPad2 joins the iPhone4 in the dual-camera club with a front-facing VGA camera (suitable for FaceTime) and a rear-facing HD camera (suitable for 720p, 30 fps video).

Apple's HDMI "mirroring" connector includes pass-through 30-pin port for charging.

Rounding-out the features include HDMI output via proprietary 30-pin to HDMI+30-pin adapter (dongle) supporting video to 1080p. Missing from the “dreamed about” feature list are: high-resolution display, removable media, standard USB ports,  autonomous GPS and near field communications interface. At 0.34 inches thick and 1.33 lbs, the iPad2 shed 0.17 lbs and 0.16 inches in thickness by removing the additional display glass, but it kept the original’s 1024×768 display – a slip behind the standard 1280×800 display profile of Honeycomb-wielding 10″ tablets.

Out of the gate, iPad2 versions will be available for AT&T and Verizon Wireless in the US (although specific launch dates for either carrier are not yet available). The iPad in Business section of the release site looks impressive on the surface. The existing list of business oriented applications for iPad together with the obvious polish of the product represents a real obstacle for its competitors (like QNX-based Blackberry Playbook and Android-based Motorola Xoom).

SOLORI’s Take: The iPad2 represents a conservative update to the existing and wildly successful iPad (over 10M units in 2H 2010). Loyalist iPad users are early adopters, so it’s a no-brainer to predict that 3M iPad2’s will ship in H1/2011 to “iPad1″ owners. If it happens, that makes for a solid supply of discarded iPads over the next few months which can actually HELP Apple entrench – giving them an artificial low-end product due to upgrades. Given that there is zero reference to the original iPad on Apple’s site, it’s safe to say that when inventories are gone, iPad2 will be the only game for Apple.

The shortcoming for iPad2 over its Android contenders is physical standards. I mentioned the screen resolution as compared to Android Honeycomb standard, but the Blackberry Playbook comes in under both devices at 1024×600 (last year’s “unofficial” Android tablet standard). While the Playbook is lighter at 0.9 lbs, it’s also smaller (and 0.1″ thicker) – more of a challenger for Galaxy Tab than iPad. Most of the Tegra2 tablets have mini-USB (some have full-size USB) and offer either mini-HDMI or full-size HDMI ports – either on-board or through a docking port. It’s rumoured that Apple has locked-up the IPS display market, but at 1024×768, those opting for higher resolution may turn to Android competitors for more desktop real estate.

Besides matching iPad2 feature-for-feature, Tegra2 Android tablets represent a serious threat (technologically) to iPad2. Another issue is storage: nearly every Android comes with both removable and built-in memory options – something neither iPad or Blackberry offer. In a business world, the ability to quickly exchange data without using WiFi or 3G/4G is huge – especially where remote access applications are concerned. That makes iPad dependent on its wireless carriers and WiFi/hot-spots for data exchange (or docking/undocking to notebook, laptop, etc.) The removable memory feature also allows enterprises to purchase the low-end memory configuration and supplement them with third-party memory or require end-users to supply their own.

Where iPad2 has the biggest advantage is turn-key applications through Apple’s iTunes market, and this is something they’re pressing heavily in today’s marketing message. Forget the clever iPad2 cover, its applications that ultimately make the product valuable to business. If Apple can stay ahead here, enterprise will follow. Unfortunately, Apple may find its “hatred” for Adobe’s Flash a position that could erode its market faster than anything else. Flash could be the great equalizer (or market accelerator) for Android and Blackberry, allowing businesses to rely on web-apps instead of native ones… in the meantime, Google has the clout and growth rate to compel all but the staunchest of application vendors to play both sides of the split market.

h1

Quick-Take: Google Turns to Zynamics after recent Malware Proof

March 2, 2011

With enterprises eyeing mobile “smart” phones and tablets as the next wave of technology to improve worker productivity, responsiveness and presence, the recent infiltration of trojan malware into Google’s Android Market is likely to go unnoticed. However, the ramifications appear to be crystal clear to Google as they responded by quickly snatching-up German reverse engineering firm Zynamics. In a blog post yesterday, Zynamics’ CEO Thomas Dullien – aka Halvar Flake – simply stated:

We’re pleased to announce that zynamics has been acquired by Google! If you’re an existing customer and do not receive our email announcement within the next 48 hours, please contact us at info@zynamics.com. All press inquiries should be sent to press@google.com.

There is still no official press release from Google on the matter, however SecurityWeek and other sources have stated that Google has indeed confirmed the acquisition. It is unlikely that the timing of this announcement is unrelated to the recent Android Market fiasco or the “rumoured” Apple iPad2 launch supposedly to take place today at 10:00 AM PST.

An estimated 50,000-200,000 users downloaded tainted apps from Google Market before the items were pulled-off the site. Of course, Apple is not without its share of  problems in iPad. There was a major breach in June, 2010 resulting in at least 114,000 compromised iPad users including then Obama White House Chief of Staff Rahm Emanuel.  However, in the iPad case the breach came as a result of a direct attack on iPad vulnerabilities where the Android compromise attacked a weakness in Google’s Market policies – essentially taking a “trusted back door” approach.

Meanwhile, VMware has been on the road promoting it’s mobile virtualization platform with partner LG. In a hands-on video at the 2011 Mobile World Congress taken by Engadget, the VMware mobile hypervisor can be seen fronting two phones within a phone. While this approach can help to secure corporate data from infiltration of the “consumer” side of the schizophrenic cell phone, it cannot protect the phone from OS vulnerabilities (like the iPad Safari weakness) or authorized deployment vectors (like Google’s Market infiltration.) To protect assets from these kind of attacks, the use of mobile anti-virus and anti-malware will be imperative.

SOLORI’s Take: VMware’s type II hypervisor does enable corporate policy enforcement that would bee too “draconian” for most users to co-exist with their personal or mixed-use phone or tablet . While no official word from VMware has been given on when their mobile hypervisor will make the leap from phone to tablet, it’s not a huge leap given the software has already been shown on the Nexus One and LG Optimus Black.

Given that the LG Optimus is based on TI’s Omap 3630 and the Nexus One incorporates the older Qualcomm Snapdragon chipset, and both are based on ARM Cortex-A8 CPU core found in many Android and Apple iOS devices, VMware’s offering appears to be very mature. Also, it is only a type II hypervisor so it should be no time until we see it running on more current, mainstream devices running ARM Cortex-A9 CPUs used in Nvidia Tegra2-based devices like LG Optimus 2X, Motorola Altrix/4G & Xoom or the rumoured Apple A5 chip “destined” for iPad2 and iPhone 5 or even the new TI Omap 4430 that power the like of the Blackberry Playbook.

Can a type II hypervisor quell corporate America’s security concerns about information leakage and IP theft? Given the right deployment model, tools and resources it represents a step in the right direction. The jury’s still out to see how wireless sharing, two separate data plans and two anti-malware threads affect run-time on platforms that threaten the delicate balance of usability and battery life…

Follow

Get every new post delivered to your Inbox.

Join 49 other followers