Secure Network is an Italian consulting firm focuses on network and application security assessment.
One of its partners, Claudio Criscione, is a long time columnist here at virtualization.info.

Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.

VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry.
The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload. Hundreds of exploits and dozens of payload options are available.

What Secure Network released today is a number of open source modules that perform a number of different attacks: from hijacking a connection to the virtual infrastructures web-based management consoles (against VMware VI/vSphere, Server 1.x, Converter and even Citrix XenCenter) to password bruteforcing (against VMware and Xen platforms), up to a path traversal attack (against VMware ESX, ESXi and Server web interfaces).
The toolkit even includes an attack against VMware Studio.

The first round of beta version of the modules can be downloaded here. Secure Network promises more to come.

In December 2009 Microsoft acquired the run-book automation firm Opalis Software.
At that time the company anticipated that Opalis technology would be integrated in the System Center product family and that it would become the automation layer for Hyper-V and Azure virtualization.

Today Microsoft offers additional details about when the integration with happen: integrations packs for UNIX, Red Hat RHEL and Novell SLES Linux will be released in Q2 2010, while integration packs for Service Manager 2010, Configuration Manager (SCCM) 2007 R2, Virtual Machine Manager (SCVMM) 2008 R2 and Data Protection Manager (DPM) 2010 will appear in Q3 2010.

A tighter integration anyway can’t be expected before 2011 when Microsoft plans to release the next major version of Opalis.

The automation platform has been included in the Microsoft Server Management Suite Enterprise (SMSE) and Datacenter (SMSD) licenses which will cost more starting July 1. 

Now that VMware owns a technology that is far away from its primary business, the Spring Java framework and a couple of application servers, one of its primary challenges is building awareness among its customers.

To do so, the company is offering complimentary and perpetual licenses (2 CPUs) of its Tomcat application server called tc Server to any customer buying other VMware products, including vSphere and View.

VMware is not offering the existing editions of tc Server but a new one that integrates with the Spring framework and supports Spring applications.

It’s pure speculation, but customers would rather prefer to have for free the third piece of the SpringSource acquisition: the Hyperic monitoring suite.
Interestingly enough, not only VMware is not offering any special deal for Hyperic, but it even removed Hyperic components from tc Server. While previous versions of the application server in fact included some of them to provide insight about the application performance, the new Spring Edition doesn’t.

This means that either VMware is confident in its capability to sell Hyperic tools without incentives or the monitoring suite is not robust enough for VMware standards.

While Hyper9 continues to build features on top of its search engine for virtual infrastructures, it also keeps R&D resources busy on parallel projects.

The last one, released a few days ago, is SimDK, an open source tool able to simulate the vSphere behavior.
Users can connect to the SimDK service with VMware clients, like the PowerCLI or the standard vSphere Client.
It’s primarily aimed at developers that want to do QA and testing, verify APIs compatibility or perform load and scalability testing, but it can be used to test, for example, 3rd party scripting tools like the Quest/Vizioncore Virtualization EcoShell Initiative (VESI).

SimDK can even emulate the vSphere APIs against a different hypervisor (like Citrix XenServer or Microsoft Hyper-V).
What happen here is that the tool acts as a proxy, translating the commands issued through the VMware APIs in something that other virtualization platforms  can understand.

Here’s a video of the product in action: