QEMU with Open vSwitch networkThis article is designed to show the steps needed to create a basic and minimal Open vSwitch network to be used by a QEMU virtual machines(s) managed with libvirt. This type of network provides a much more powerful switching solution than the legacy NAT and bridge forwarding solutions. NoteThis article is written with the assumption that you already understand how to create and configure a QEMU virtual machine and how to manage them using libvirt and related tools like virsh.Contents1 Context2 Background on OpenFlow and Open vSwitch3 System Setup3.1 Kernel3.2 libvirt3.3 Open vSwtich3.3.1 Startup and enable the daemons:3.4 Setup eth13.5 Setup vSwitch3.6 Setup libvirt3.7 OpenRC4 ClosingContextThere all quite a few different networking designs that can be created; but for the sake of keeping this simple we are going to work under the assumption that we are trying to configure a host OS on a computer that has 2 physical ethernet ports. The first port (eth0) i...

How to fake a VMs guest OS CPUID For the most software products the license verification is done with license keys. During my time in the IT I have also seen some products, where the license is tied to the underlying hardware of your server. Mostly this is realized with license files, which include the ID of your CPU. The application checks if the ID within this file matches to the actual CPU ID to complete this mechanism. I have virtualized some servers with applications, which used this kind of license checks. The normal and probably easiest way is to request / generate a new license file for your new (virtual) hardware. Some weeks ago a customer had the special situation that the software vendor didn´t exists anymore and his physical old server was crashing all the time, which was hosting this special application. He already created a new VM and installed the application but didn´t get any further, because the license file wasn´t accepted. Without a valid license the application d...

Virtual Development BoardIf you want to have an Embedded Linux Development Board, and you don't want to pay for it, then you can DIY a Virtual Development Board.The Virtual Development Board is an emulation board which made from QEMU, actually it's a Virtual Machine. Contents1 Debug Mode1.1 QEMU1.1.1 Download QEMU1.1.2 Install QEMU1.2 Bootloader1.2.1 Prepare Cross Toolchain1.2.2 Download U-Boot1.2.3 Cross compile U-Boot1.2.4 Debug U-Boot1.3 Linux Kernel1.3.1 Download Linux Kernel1.3.2 Cross Compile Linux Kernel1.3.3 Load Linux Kernel1.3.3.1 Download and Install Open TFTP Server1.3.3.2 prepare qemu-ifup & qemu-ifdown1.3.3.3 tftpboot uImage1.3.4 run linux kernel1.3.4.1 prepare the rootfs1.3.4.2 prepare the nfs1.3.4.3 run linux kernel1.4 driver1.4.1 add a device to QEMU1.4.2 write the device driver1.5 GUI2 Run Mode2.1 QEMU2.1.1 Support FLASH on QEMU2.1.2 Fix Compilation Errors2.2 U-Boot2.2.1 burn U-Boot into flash3 References4 External linksDebug ModeQEMUDownload QEMUThere are two wa...

Arm64QemuQemu 2.0 includes arm64 support, and Debian 8 (and above) fully supports it. BackgroundIn October 2013 the arm64 (aarch64) qemu port became publicly available. It is a user-space emulation, so it may not be applicable to all development tasks. It is fine for building software, and it is _much_ faster and often easier to use than ARM's proprietary (free beer) Foundation Model. The development was done by folks at SUSE Linux, so kudos to them. This code was incorporated into Qemu 2.0 in March 2014 by Linaro, and there is no longer a need to build arm64 from the development branch. You can verify support by checking for the availability of the aarch64 interpreter: # update-binfmts --display | grep -i aarch qemu-aarch64 (enabled): interpreter = /usr/bin/qemu-aarch64-staticInstallationSince Debian supports arm64, installation is as simple as as the following. Step 1The first task is to elevate to root: $ su - password: #Step 2The second step is to configure locales so your Qem...

Testing QEMU ARM TrustZoneA while back we wrote about the QEMU implementation of ARM TrustZone, also known as ARM Security extensions support, and now that this work is being accepted into mainline QEMU we want to highlight some aspects about the usage model and testing of the functionality.Ongoing Work and ProgressSince the last post, the bulk of the ARM CPU Security Extension support has made it to upstream QEMU. Although the functional support is now available upstream, it is currently disabled while the details of the usage are ironed out. Specifically, command line options are being added to allow users to enable or disable the ARM Security extensions from the command line. This is especially important for maintaining backwards compatibility of existing machine models incorporating TrustZone enabled processors.Achieving backwards compatibility and allowing easy future use of ARM TrustZone, we are introducing the following configuration changes:The Security Extensions will be avai...

ARM® TrustZone® in QEMUEver used an application on your smartphone or tablet that accesses security sensitive information such as banking, personal health information, or credit cards?  The demand for mobile devices to do more and more is rapidly growing and includes increased security sensitive tasks.  At the same time, malicious apps are also flooding mobile app stores in hopes of exploiting security holes to take advantage of unsuspecting users.Can we rely on certain apps to protect our personal data and prevent undesired and unauthorized access?  The current solution is to present users with warning dialogs when downloading applications and otherwise trust the rest of the system.  This does not work for a number of reasons.  First, existing protection and isolation principles may not work.  Second, applications may not be implemented according to secure programming guidelines.  Third, other users of devices (such as children or friends) m...

加容易，所以之前也就没有再单独写这部分的文章。 最近遇到几个案例都是探讨虚机备份和低成本的异地灾备的，而且这几天在做 Windows Server 2012 R2 Preview 到 RTM 迁移时也涉及到了 Hyper-V 复制，所以打算写篇东西出来跟大家分享分享，也算给自己留个存档。Hyper-V 复制，即：Hyper-V Replica，也称之为 Hyper-V 副本，是一种异步虚拟机复制技术，基于 HTTP 协议进行传输，所以它也非常适合应用在广域网环境中。在设计上，Hyper-V 复制主要用于商业连续性和灾难恢复场景。因为不需要任何共享存储，所以该技术可用于任何服务器、网络或存储供应商的设备。 要为 Hyper-V 主机启用复制功能，首先确保当前主机已经加入到 AD，并参考无需共享存储的实时迁移对主机做 Kerberos 委派，添加“hyper-v replica service”，然后还要修改当前主机的 Hyper-V 设置，在“复制配置”下勾选“启用此计算机作为副本服务器”，并选择“使用 Kerberos (HTTP)”端口保持80默认，在“授权和存储”选项下，选择“允许从任何经过身份验证的服务器重进行服务”，并指定副本的默认存储位置。可参考下图设置： 在完成上述设置后向导会提示防火墙设置的相关警告，我们只需要进入防...

您所在的组无权查看该日志

访问 VMware vCenter Server、VMware ESXi 和 ESX 主机以及其他网络组件所需的 TCP 和 UDP 端口 (2081930) Symptoms 免责声明：本文为 TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components (1012382)的翻译版本。尽管我们会不断努力为本文提供最佳翻译版本，但本地化的内容可能会过时。有关最新内容，请参见英文版本。 Purpose 以下服务和代理通常在 VMware vSphere 环境中提供：CIM HTTP 服务器（不安全服务） CIM HTTPS 服务器 FTP 客户端（不安全服务） FTP 服务器（不安全服务） iSCSI 软件客户端 NFS 客户端（不安全服务） NFS 服务器（不安全服务） NIS 客户端 NTP 客户端 SMB 客户端（不安全服务） SNMP Server SSH 客户端 SSH 服务器 Syslog 客户端 Telnet 客户端（不安全服务） Telnet 服务器（不安全服务） 安装的其他受支持管理代理vCenter Server、ESX 主机和其他网络主机使用预先确定的 TCP 和 UDP 端口来访问。如果从防火墙外部管理网络组件，可能需要重新配置防火墙以允许在相应端口上访问。本文提供有关 VMware 产品所需的端口的信息。有关详细信息，请参见与产品相关的文档：VI 3...

备份和还原 vCenter Server Appliance vPostgres 数据库 (2096200) Purpose 免责声明：本文为 Backing up and restoring the vCenter Server Appliance vPostgres database (2034505) 的翻译版本。尽管我们会不断努力为本文提供最佳翻译版本，但本地化的内容可能会过时。有关最新内容，请参见英文版本。 本文提供了备份和还原 vCenter Server Appliance (VCSA) vPostgres 数据库的步骤。注意：本文仅支持将 vPostgres 数据库备份和还原到同一 vCenter Server Appliance。使用基于映像的备份和还原是执行完整的辅助设备还原所支持的唯一解决方案。 Resolution 在开始之前，请确保已安装：用于连接到 vCenter Server Appliance 的 SSH 客户端。 用于检索和替换 vPostgres 数据库恢复文件的 WinSCP（或任何 SCP 客户端）。 备份嵌入式 vPostgres 数据库 要备份嵌入式 vPostgres 数据库，请执行以下操作：通过 SSH 连接到 vCenter Server Appliance。有关详细信息，请参见 vCenter Server 5.5 and Host Management Guide 中的在 VMware vCenter Server Appliance 上启用或禁用 SSH 管理员登录部分。 出现提示时，以 root 用户身份登录。默认密码为 vmware。 使用以下命令停止 v...