-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, Oct 13, 2017 at 01:20:14AM -0400, '[799]' via qubes-users wrote:
> Hello,
>
> Currently I still need to run a 2nd OS to use VMware Workstation to prepare/test VMs/Setup for customers.
>
> I'd like to prepare VMs in Qubes and then migrate/export them to the customers environment which are mostly based on VMware vSphere/ESXi.
>
> Questions:
>
> a) How can I get a (H)VM out of Qubes into a VMware VM. If I know what to do, I can script this to get a good workflow.
> Worst Case Szenario would be to backup the VM, then manually create a new VM in vSphere, boot with a live Linux and recover the VM - so mainly migrating the harddrive from Qubes/Xen to a VMware .vmdk/virtual harddrive
I assume you use Qubes 3.2.
You can get VM's disk image from
/var/lib/qubes/appvms/<name-of-vm>/root.img. This is raw disk image in
sparse file. You can convert it to vmdk using qemu-img tool, like this:
qemu-img convert -f raw -O vmdk /path/to/root.img /path/to/root.vmdk
This should work with HVM created on Qubes. But not for template-based
AppVMs - which heavily depends on Qubes infrastructure.
In case of Windows, you may need to prepare such operating system
for migration - look for migrating Windows installation to a different
hardware (AFAIR the tool is named sysprep).
> Other possible approach:
>
> b) Is it possible to do "nested virtualization" and create something like a 'monster-VM" in Qubes in which I install VMware Workstation or ESXi to prepare/test VMs and then export them from there?
No, nested virtualization is not supported (on purpose, because its
complexity -> large attack surface).
> c) Do you have any other idea how to use Qubes as primary OS to provision VMs locally and migrate them to vSphere/ESXi at the end of the workflow?
> Or is this task not solveable in a good way with Qubes?
>
> Working with Qubes at the customer location would greatly improve security for both sides as I can use separate VMs for each customer or work with disposable VMs when connecting to the network.p
>
> Kind regards
>
> [799]
>
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZ3zBrAAoJENuP0xzK19csygIH/2gNHJY3I1p8Jg0r735Ql/n/
2lnHus8UHQZrpr545epTf9uU1dRilwlpF4WLkXNAUdMjhjQ3L6HKNeOJKPW7Jiy0
Ss5BdIxQ0oTAiSKrS7TQ1xO3Jw07fV9ZCCmiSPwpWr8YecFBiKGRRi8P0VzKEg+h
Pdv949bq0pQf/V5G2Dw3ZPcocAvK9T6Y6B79OMXeS5YHqf3nh/dPIG5H53CWggSQ
RB0Hjga20XntFDvab4z7pOgk7qTrc3o+g/HEguOJ0yCP7HeMirkBsrXiluzsrbNl
hpTu/n1pXaljrnqmuAENLwNL6RKtu9Y1I3Wan1pB66pCrrAEuIPwcmToJ0xXdMI=
=S/aE
-----END PGP SIGNATURE-----