Wednesday, March 30, 2011

Figuring out if a server you are connecting to is virtualised?

Is there a way to figure out if a win 2003 server server you are connecting to is virtualised? I tried asking but not 100% sure of the answer is correct.

From stackoverflow

  • This depends on a couple of factors.

    1. Are you using remote desktop to connect to the server and can you gain access to system files and folders?
    2. Do you know what type of virtualization software is running the server?

    Without know that information this question may be a litle difficult to answer correctly. There are a large number of virtualization software vendors and each of them have different setups that are in the virtual servers.

    Without more information, the short answer is no. To the actual guest operating system it looks and acts like an operating system that is running on bare metal.

  • You could look for support software installed, for instance VMware usually installs VMware Tools on the guest operating system.

  • Here's a decent explanation. You can check the manufacturer of a piece of hardware from WMI or within Device Manager to determine if it's a physical device or not.

    http://blogs.msdn.com/virtual_pc_guy/archive/2005/10/27/484479.aspx

    Can you tell us any more about how you're connecting to this server?

  • I guess looking at the Device Manager (Control Panel | System | Hardware | Device Manager) should give you a good idea.

    On one server, running on VMWare ESX, I see the following tell-tale signs of a virtual machine:

    • System Devices: VMware server memory controller
    • Network adapters: VMware Accelerated AMD PCNet Adapter
    • Mice: VMware Pointing Device
    • Disk drives: VMware Virtual disk SCSI Disk Device

    A simple test that detects a VMware network adapter, is:

    ipconfig /all | grep "VMware Accelerated"

    (would perhaps also detect a host running VMware workstation)

  • This is a duplicate of this question: How to identify that you’re running under a VM?.

    Quoting from the accepted answer to that question by JawnV6:

    The classic trick to detect a VM is to populate the ITLB, run an instruction that must be virtualized (which necessarily clears out such processor state when it gives control to the hypervisor), then run some more code to detect if the ITLB is still populated. The first paper on it is located here, and a rather colorful explanation from a researcher's blog is located here.

Posted by Ku XI at 9:44 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)