In late November Dell was caught unwittingly selling PCs with massive security vulnerabilities in them, making it easy for bad guys to intercept and decrypt supposedly secure https traffic.
That's very bad indeed, because it means hackers can read email, look at banking transactions and use the vulnerability to trick these PCs into trusting their malware or believing they are connecting to a real banking site even when they are not.
How did this come about? It turns out Dell has been installing its owned trusted root certificate – called eDellRoot – on its machines, along with the certificate's private key. The self-signed root certificate does not expire until 2039, so the problem will persist unless fixed.
It's a security blunder of epic proportions, and very similar indeed to Lenovo's Superfish security fiasco. The good news is that Dell is now aware of it, and the company has taken steps to fix the problem.
Security expert Graham Cluley points out that Dell was rather smug when the Lenovo Superfish business blew up. The company put the following text on its website:
"Dell is serious about your privacy. Worried about Superfish? Dell limits its pre-loaded software to a small number of high-value applications on all of our computers. Each application we pre-load undergoes security, privacy and usability testing to ensure that our customers experience the best possible computing performance, faster set-up and reduced privacy and security concerns."
So what, you may ask, has all this got to do with server virtualization? Nothing really, until you consider that Dell is heavily involved in the enterprise IT space, and is also in the process of acquiring EMC and its 81% stake in VMware. That means Dell's going to be the biggest cheese in the server virtualization world very shortly — assuming the deal goes through to completion.
Now you could argue the eDellRoot scandal doesn't exactly inspire confidence that Dell is the ideal vendor to be buying VMware and its hypervisors. But everyone can make a mistake, so there's nothing substantial there to suggest that Dell won't be a fine steward of VMware.
EMC / VMware Acquisition Running into Complications
But again, that's assuming the deal goes through. And things don't seem to be progressing quite as smoothly as Dell might have hoped. The deal was announced on October 12th, when VMware's stock traded at over $80. Since the announcement it has plummeted to under $58.
Part of the reason for this relates to Virtustream, a hybrid cloud management software vendor EMC acquired in May 2015 for $1.2 billion and which was to be one of the separate businesses in the EMC Federation.
The idea was that as part of the Dell acquisition of EMC, Virtustream would become a joint venture between EMC and VMware with both companies owning half of the company. But Virtustream is forecast to make a loss of as much as $300 million, so the prospect of acquiring 50% of that loss didn't do any good to VMware's share price. There was even talk of VMware taking all of the losses on its books.
This Virtustream joint ownership idea was abandoned in a spectacular U-turn in mid-December , but even so VMware' stock price has not recovered.
Now that's important because of the way the deal was structured: EMC shareholders get $24.05 per share in cash, plus stock that tracks VMware's stock price. And the value of VMware's stock has of course tanked since the deal was announced.
And just to make things more complicated, there's the specter of Dell being handed a tax bill of $9 billion because of the tracker stock, as Re:Code reports.
Whatever is decided, the deal – if it does happen – won't likely be finalized until mid-2016 at the earliest.
That's a long period of uncertainty for VMware, which operates in an industry that changes by the month: the company has historically made frequent acquisitions to ensure it stays at the forefront of technology, and right now the virtualization industry is busy responding to the emergence of container technology.
So six months of uncertainty over ownership is hardly going to be a benefit to the company.
And if the acquisition does finally go through, what then? Well, VMware will then largely be owned by Dell, the company that just put many of its customers at risk with a schoolboy security error in its PC offerings.
All in all, it's a precarious and rather unexpected position for VMware to find itself in as 2015 draws to a close.
Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.