Hi,

2009/5/21 Obiozor Okeke <obiozorok...@yahoo.com>:
> Hi Diana (and Stuart) thanks for all your advice.
>
> The problem or nut we're trying to crack is that we're trying to
> deploy OpenBSD to remote clients and we wanted an inexpensive but very
> high reliability system with the flexibility to change configurations
> (switch in/out different VMs) and add/modify services remotely
> on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
> along with all the custom apps and client data packaged in a VM.  We
> would grab the old 4.4 VM, bring it back to our lab, then upgrade and
> re-configure it the way we wanted to and drop it back on the ESXi.
> Then just change the network configs and switch the old for the new,
> all remotely without ever visiting the client.
>
> Thanks again all.

Even if this were feasible (given the hardware limitations of the
5501), you would still have to maintain ESX in a manner which requires
console access.

Wrapping OpenBSD up in ESX defeats the typical purpose of using
OpenBSD.  ESX and other x86 virtualization software introduces a whole
new vulnerable layer of software which requires patching and
rebooting.

Take it from the horse's mouth...


"A critical vulnerability in the virtual machine display function
might allow a guest operating system to run code on the host. The
Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2009-1244 to this issue."

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009853


"A memory corruption condition might occur in the virtual machine
hardware. A malicious request sent from the guest operating system to
the virtual hardware might cause the virtual hardware to write to
uncontrolled physical memory.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917
to this issue."

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1007507


"VMware addresses an in-guest privilege escalation on 64-bit guest
operating systems.  VMware products emulate hardware functions
including CPU, memory, and I/O.  A flaw in VMware's CPU hardware
emulation could allow the virtual CPU to jump to an incorrect memory
address. Exploitation of this issue on the guest operating system does
not lead to a compromise of the host system, but could lead to a
privilege escalation on guest operating systems. An attacker would
need to have a user account on the guest operating system.  Affected
guest operating systems include 64-bit Windows, 64-bit FreeBSD, and
possibly other 64-bit operating systems."

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1007090


This is just a small sample.  All this will get you is extra complexity
and doubt about whether a problem with the guest software is really in
the guest or in the host.


Shane
