Scarcely a day passes without The Register's virtualization desk being approached by VMware's rivals seeking a chance to explain the merits of their products and cash in on assumed dissatisfaction with the licensing regime Broadcom has imposed. But last month, VMware quietly took a swipe at those rivals with an updated virtual machine conversion tool.

The tool is the unheralded and somewhat obscure vCenter Converter - a tool that moves virtual machines from one format to another.

VMs are essentially disk images wrapped in metadata that varies depending on the platform with which they were created, so converting them isn't vastly difficult. But it's not the sort of job anyone would relish doing manually, so plenty of vendors offer migration tools.

The existence of such tools recognizes that some orgs have multi-hypervisor environments, and is also a competitive asset that helps vendors to assure customers that a move to their platform won't be onerous.

Version 6.6 of the converter, debuted quietly in a community post, "closes important gaps from functional perspective, by finally providing the capability to convert KVM-based workloads," wrote community manager Todor Raykov.

KVM is an open source virtualization module that lets the Linux kernel serve as a hypervisor.

It's the basis of the AHV hypervisor used by Nutanix, and is also used by Red Hat's virtualization products and the RHV formats they use.

VMware has therefore taken a little swipe at two of the leading contenders as its replacement, should customers bruised by Broadcom's licensing changes be contemplating a move.

KVM is also used by Amazon Web Services in its Nitro hypervisor. VMware could therefore conceivably be taking a swipe at its biggest cloud partner, too.

vCenter Converter has also added support for RHEL 8 & 9 as source OSes, and done the same for Ubuntu 22.04 and 20.04.

VMware users have plenty to consider at the moment, but plenty remain committed to the vStack and have plenty of time before they need to decide whether they can tolerate Broadcom's stewardship of the virtualization giant or need to make a move. While orgs ponder those matters, the updated Converter means they can easily bring more workloads to their VMware environments.

Another factor that may influence VMware users' thinking is the security of its products, which has of late been a matter to ponder. It has had to patch a few critical flaws and found its platforms under more frequent attack as crims realize that cracking a host running vSphere potentially gives them access to many servers.

The latest item of concern on the vSecurity front arrived on Tuesday, with CVE-2024-22245 - a critical-rated flaw (9.6/10 CVSS score) in the Enhanced Authentication Plug-in. That's code that provides Integrated Windows Authentication and Windows-based smart card functionality. The flaw is an Arbitrary Authentication Relay vulnerability that could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names.

The Plug-in is also vulnerable to CVE-2024-22250 - a 7.8-rated session hijack bug.

VMware deprecated the Plug-in in 2021, which likely explains why its advice is to remove the software from your environment to remediate its flaws. ®

https://www.theregister.com//2024/02/21/vmware_kvm_converter/