Virtualization Virtual Data Center Design. Goals: Why is virtualization needed? Understanding the basics...

Page 1: Virtualization Virtual Data Center Design. Goals: Why is virtualization needed? Understanding the basics of virtualization. Virtualization technologies.

Virtualization

Virtual Data Center Design

Page 2:

Goals

• Why is virtualization needed?

• Understanding the basics of virtualization

• Virtualization technologies

Page 3:

Problem

• An enterprise IT center supports many different applications
  – Microsoft Exchange
  – Oracle
  – SAP
  – Web servers
  – Citrix
  – …

• Each application service requires a different environment
  – Specific version of operating system
  – Multiple processors and disks
  – Specialized configurations

Page 4:

Problem (continued)

• Difficulty of combining services on the same server
  – Conflicting requirements
  – Software load that the hardware cannot handle

• Difficulty of upgrading or commissioning a service
  – Building a shadow server for debugging and testing
  – Complicated changeover

• Difficulty of adding or upgrading hardware or the OS

• Testing and benchmarking configurations on live services

• Impossible load balancing

• Services are tied to a single system

• Some are underused, some overused

Page 5:

Virtualization

• Virtualization is a computing term that refers to the abstraction of computer resources.

• Definition
  – A technique for hiding the physical resources of a computer
  – End users do not interact with them directly
  – One physical resource functions as multiple logical resources
  – Or multiple physical resources appear as a single logical resource

Page 6:

Virtualization

• The central theme of virtualization technology is hiding technical detail through encapsulation.

• Virtualization creates an external interface that hides the underlying implementation, for example by multiplexing, by combining resources from several different locations, or by simplifying a control system.

Page 7:

Virtualization

• Divided into two main categories:
  – Platform virtualization involves the simulation of virtual machines
  – Resource virtualization involves the simulation of combined or simplified resources

Page 8:

Platform Virtualization

• The creation of a virtual machine using a combination of hardware and software as the virtualization platform.

• It is performed on a hardware platform (the “host”) by control software that creates a simulated computer environment (a virtual machine), the “guest”.

• The “guest” runs as an OS just as if it were installed on a standalone hardware platform.

• For the “guest” system to work properly, the system must be robust enough to support the guest's external interfaces.

Page 9:

Platform Virtualization

• There are several approaches (the terminology is not universal):
  – Emulation / Simulation
  – Native and Full Virtualization

Page 10:

Platform Virtualization

• Emulation or simulation
  – A different CPU can be simulated for each “guest”
  – Bochs, PearPC, PPC version of Virtual PC, QEMU.

Page 11:

Platform Virtualization

• Native virtualization and full virtualization
  – The VM is simulated on the hardware, runs on the same CPU, and runs in isolation
  – Pioneered in 1966 by CP-40 and CP[-67]/CMS, predecessors of IBM's VM family.

• Other examples:
  – Virtual Iron, VMware Workstation, VMware Server (formerly GSX Server), Parallels Desktop, Adeos, Mac-on-Linux, Win4BSD, Win4Lin Pro, and z/VM.

Page 12:

Full virtualization uses a hypervisor to share the hardware

Page 13:

Hypervisor

• A hypervisor is a virtualization platform that allows multiple operating systems to run on one host at the same time. The term refers to an implementation that uses full virtualization.

Page 14:

Hypervisor

• Hypervisors are classified into two types:
  – A Type 1 hypervisor (or Type 1 VMM) is software that runs directly on the hardware platform (as an OS). The “guest” then runs at the second level above the hardware.
    • The classic type 1 hypervisor was CP/CMS, developed at IBM in the 1960s, ancestor of IBM's current z/VM. More recent examples are Xen, VMware's ESX Server, and Sun's Hypervisor (released in 2005).
  – A Type 2 hypervisor (or Type 2 virtual machine monitor) is software that runs within an OS; the “guest” then runs at the third level above the hardware.
    • Examples include VMware Server and Microsoft Virtual Server.

Page 15:

Platform Virtualization

• Partial virtualization (including "address space virtualization")
  – The VM simulates multiple instances of a hardware environment but does not provide separate “guest” OS instances.

Page 16:

Platform Virtualization

• Paravirtualization
  – The VM does not need to simulate hardware; instead it offers an API that a modified guest OS uses through hypercalls.

Page 17:

Paravirtualization shares the process with the guest operating system

Page 18:

Platform Virtualization

• Operating system-level virtualization
  – Virtualizes servers at the OS level, enabling multiple virtual servers to run on one physical server. The “guest” environments share the same OS as the host system, that is, the same kernel is used to implement each “guest”.

• Examples are Linux-VServer, Virtuozzo, OpenVZ, Solaris Containers, and FreeBSD Jails.

Page 19:

Operating system-level virtualization isolates servers

Page 20:

Resource Virtualization

• The concept of virtualization has expanded to cover specific system resources, such as storage and network.

Page 21:

Resource Virtualization

• Resource aggregation, spanning, or concatenation combines individual components into larger resources or resource pools. For example:
  – RAID and volume managers combine several disks into one logical disk
  – Storage virtualization refers to the process of forming logical storage and is typically used in SANs, where physical storage is aggregated into storage pools.
  – Channel bonding on network equipment combines multiple links so that they work as one and provide higher bandwidth.
  – VPN and NAT Virtual Circuit
  – Multiprocessor

Page 22:

Linux-related virtualization projects

Project          Type                                    License
Bochs            Emulation                               LGPL
QEMU             Emulation                               LGPL/GPL
VMware           Full virtualization                     Proprietary
z/VM             Full virtualization                     Proprietary
Xen              Paravirtualization                      GPL
UML              Paravirtualization                      GPL
Linux-VServer    Operating system-level virtualization   GPL
OpenVZ           Operating system-level virtualization   GPL

Page 23:

The layers of IT-as-a-Service

[Figure: layered diagram. Labels: Software as a Service; Platform as a Service; Collaboration; Business Processes; CRM/ERP/HR; Industry Applications; Middleware; Database; Web 2.0 Application Runtime; Java Runtime; Development Tooling; High Volume Transactions; Servers; Networking; Storage; Data Center Fabric; Shared virtualized, dynamic provisioning]

Page 24:

Cloud Service

• Software as a Service (SaaS): SalesForce.Com, Yahoo Mail, Google Docs

• Platform as a Service (PaaS): Google App Engine API, Microsoft Azure, Manjrasoft Aneka..

• Infrastructure as a Service (IaaS): CPU, Storage: DropBox, Amazon.com, Nirvanix, GoGrid, VPS….

Page 25:

Bochs (emulation)

• Bochs is an x86 computer simulator that is portable and runs on a variety of platforms, including x86, PowerPC, Alpha, SPARC, and MIPS. What makes Bochs interesting is that it doesn't just simulate the processor but the entire computer, including the peripherals, such as the keyboard, mouse, video graphics hardware, network interface card (NIC) devices, and so on.

• Bochs can be configured as an older Intel® 386, or successor processors such as the 486, Pentium, Pentium Pro, or a 64-bit variant. It even emulates optional graphics instructions like the MMX and 3DNow.

• Using the Bochs emulator, you can run any Linux distribution on Linux, Microsoft® Windows® 95/98/NT/2000 (and a variety of applications) on Linux, and even the Berkeley Software Distribution (BSD) operating systems (FreeBSD, OpenBSD, and so on) on Linux.

Page 26:

QEMU (emulation)

• QEMU is another emulator, like Bochs, but it has some differences that are worth noting. QEMU supports two modes of operation. The first is the Full System Emulation mode. This mode is similar to Bochs in that it emulates a full personal computer (PC) system with processor and peripherals. This mode emulates a number of processor architectures, such as x86, x86_64, ARM, SPARC, PowerPC, and MIPS, with reasonable speed using dynamic translation. Using this mode, you can emulate the Windows operating systems (including XP) and Linux on Linux, Solaris, and FreeBSD. Many other operating system combinations are also supported (see the Resources section for more information).

• QEMU also supports a second mode called User Mode Emulation. In this mode, which can only be hosted on Linux, a binary for a different architecture can be launched. This allows, for example, a binary compiled for the MIPS architecture to be executed on Linux running on x86. Other architectures supported in this mode include ARM, SPARC, and PowerPC, though more are under development.

Page 27:

VMware (full virtualization)

• VMware is a commercial solution for full virtualization. A hypervisor sits between the guest operating systems and the bare hardware as an abstraction layer. This abstraction layer allows any operating system to run on the hardware without knowledge of any other guest operating system.

• VMware also virtualizes the available I/O hardware and places drivers for high-performance devices into the hypervisor.

• The entire virtualized environment is kept as a file, meaning that a full system (including guest operating system, VM, and virtual hardware) can be easily and quickly migrated to a new host for load balancing.

Page 28:

z/VM (full virtualization)

• While the IBM System z™ is a new brand name, it actually has a long heritage originating back in the 1960s. The System/360 supported virtualization using virtual machines in 1965. Interestingly, the System z retains backward compatibility with the older System/360 line.

• The z/VM® is the operating system hypervisor for the System z. At its core is the Control Program (CP), which provides the virtualization of physical resources to the guest operating systems, including Linux (see the figure on the next slide). This permits multiple processors and other resources to be virtualized for a number of guest operating systems.

• The z/VM can also emulate a guest local area network (LAN) virtually for those guest operating systems that want to communicate with each other. This is emulated entirely in the hypervisor, making it highly secure.

Page 29:

z/VM (full virtualization)

Page 30:

Xen (paravirtualization)

• Xen is a free open source solution for operating system-level paravirtualization from XenSource. Recall that in paravirtualization the hypervisor and the operating system collaborate on the virtualization, requiring operating system changes but resulting in near native performance.

• As Xen requires collaboration (modifications to the guest operating system), only those operating systems that are patched can be virtualized over Xen. From the perspective of Linux, which is itself open source, this is a reasonable compromise because the result is better performance than full virtualization. But from the perspective of wide support (such as supporting other non-open source operating systems), it's a clear disadvantage.

• It is possible to run Windows as a guest on Xen, but only on systems running the Intel Vanderpool or AMD Pacifica. Other operating systems that support Xen include Minix, Plan 9, NetBSD, FreeBSD, and OpenSolaris.

Page 31:

User-mode Linux (paravirtualization)

• User-mode Linux (UML) allows a Linux operating system to run other Linux operating systems in user-space. Each guest Linux operating system exists within a process of the host Linux operating system (see Figure 6). This permits multiple Linux kernels (with their own associated user-spaces) to run within the context of a single Linux kernel.

Page 32:

User-mode Linux (paravirtualization)

• As of the 2.6 Linux kernel, UML resides in the main kernel tree, but it must be enabled and then recompiled for use. These changes provide, among other things, device virtualization. This allows the guest operating systems to share the available physical devices, such as the block devices (floppy, CD-ROM, and file systems, for example), consoles, NIC devices, sound hardware, and others.

Page 33:

User-mode Linux (paravirtualization)

• Note that since the guest kernels run in application space, they must be specially compiled for this use (though they can be different kernel versions). This results in what's called the host kernel (which resides on the hardware) and the guest kernel (which runs in the user space of the host kernel). These kernels can even be nested, allowing a guest kernel to run on another guest kernel that is running on the host kernel.

Page 34:

User-mode Linux (paravirtualization)

Page 35:

Linux-VServer (operating system-level virtualization)

• Linux-VServer is a solution for operating system-level virtualization. Linux-VServer virtualizes the Linux kernel so that multiple user-space environments, otherwise known as Virtual Private Servers (VPS), run independently with no knowledge of one another. Linux-VServer achieves user-space isolation through a set of modifications to the Linux kernel.

Page 36:

Linux-VServer (operating system-level virtualization)

• To isolate the individual user-spaces from one another, you begin with the concept of a context. A context is a container for processes of a given VPS, so that tools like ps know only about the processes of the VPS. For initial boot, the kernel defines a default context. A spectator context also exists for administration (to view all executing processes). As you can guess, the kernel and internal data structures are modified to support this approach to virtualization.

Page 37:

Linux-VServer (operating system-level virtualization)

• Linux-VServer also uses a form of chroot to isolate the root directory for each VPS. Recall that chroot allows a new root directory to be specified, but additional functionality is required (called a Chroot-Barrier) so that a VPS can't escape its isolated root directory to the parent. Given an isolated root directory, each VPS has its own user list and root password.

Page 38:

Linux-VServer (operating system-level virtualization)

• The Linux-VServer is supported by both the 2.4 and 2.6 Linux kernels and operates on a number of platforms, including x86, x86-64, SPARC, MIPS, ARM and PowerPC.

Page 39:

OpenVZ (operating system-level virtualization)

• OpenVZ is another operating system-level virtualization solution, like Linux-VServer, but it has some interesting differences.

• OpenVZ is a virtualization-aware (modified) kernel that supports isolated user-spaces, VPS, with a set of user-tools for management.

• For example, you can easily create a new VPS from the command line:

Page 40:

OpenVZ (operating system-level virtualization)

    $ vzctl create 42 --ostemplate fedora-core-4
    Creating VPS private area
    VPS private area was created
    $ vzctl start 42
    Starting VPS ...
    VPS is mounted

Page 41:

OpenVZ (operating system-level virtualization)

• You can also list the currently created VPSes using the vzlist command, which operates in a similar fashion to the standard Linux ps command.

• To schedule processes, OpenVZ includes a two-level CPU scheduler. First, the scheduler determines which VPS should get the CPU. After this is done, the second-level scheduler picks the process to execute given the standard Linux priorities.

Page 42:

OpenVZ (operating system-level virtualization)

• OpenVZ also includes what are called beancounters. A beancounter consists of a number of parameters that define resource distribution for a given VPS. This provides a level of control over a VPS, defining how much memory is available, how many interprocess communication (IPC) objects are available, and so on.

• A unique feature of OpenVZ is the ability to checkpoint and migrate a VPS from one physical server to another. Checkpointing means that the state of a running VPS is frozen and stored into a file. This file can then be migrated to a new server and restored to bring the VPS back online.

• OpenVZ supports a number of hardware architectures, including x86, x86-64, and PowerPC.
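Added example, not part of the original slides or of OpenVZ itself: beancounters are what keep one VPS from exhausting the host, and a non-zero fail counter is the trace left when a VPS was refused a resource. The Python sketch below parses the /proc/user_beancounters layout (uid, resource, held, maxheld, barrier, limit, failcnt) and reports refusals and near misses; the sample text, the function names and the 90% threshold are assumptions made for the illustration.

```python
"""Report OpenVZ containers that hit, or came close to, a beancounter limit."""
from dataclasses import dataclass

# Constructed sample in the column layout of /proc/user_beancounters (not real data).
SAMPLE = """\
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
       42:  kmemsize        2104723    2279651   11055923   11377049          0
            privvmpages       65530      65536      65536      69632         17
            numproc              24        240        240        240          3
            shmpages            640        640      21504      21504          0
      101:  kmemsize         911872    1048576   11055923   11377049          0
            privvmpages        8192       9100      65536      69632          0
            numproc              11        230        240        240          0
"""


@dataclass(frozen=True)
class Counter:
    ctid: int        # container (VPS) id, the "uid" column
    resource: str
    held: int        # current usage
    maxheld: int     # peak usage since the counter was created
    barrier: int     # soft limit
    limit: int       # hard limit
    failcnt: int     # number of refused allocations


def parse_beancounters(text):
    """Parse the table; a 'NNN:' prefix starts a new container block."""
    counters = []
    ctid = None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("Version:", "uid"):
            continue                      # blank line, version line or header
        if fields[0].endswith(":"):
            ctid = int(fields[0][:-1])
            fields = fields[1:]
        if ctid is None or len(fields) != 6:
            continue                      # malformed row: skip rather than guess
        name, *numbers = fields
        try:
            values = [int(n) for n in numbers]
        except ValueError:
            continue
        counters.append(Counter(ctid, name, *values))
    return counters


def findings(counters, near=0.9):
    """Return (ctid, resource, kind, value) for refusals and near misses."""
    out = []
    for c in counters:
        if c.failcnt > 0:
            # The kernel refused at least one request: the limit did its job,
            # but the workload (or an attacker inside the VPS) is pushing on it.
            out.append((c.ctid, c.resource, "limit-hit", c.failcnt))
        elif c.barrier > 0 and c.maxheld >= near * c.barrier:
            out.append((c.ctid, c.resource, "near-barrier", c.maxheld))
    return out


if __name__ == "__main__":
    for ctid, resource, kind, value in findings(parse_beancounters(SAMPLE)):
        print(f"VPS {ctid}: {resource} {kind} ({value})")
```

On an OpenVZ host the same functions can be fed the contents of /proc/user_beancounters, read as root; comparing failcnt between two runs shows which VPS is currently being throttled.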

Page 43:

Hardware support for full virtualization and paravirtualization

• Recall that the IA-32 (x86) architecture creates some issues when it comes to virtualization. Certain privileged-mode instructions do not trap, and can return different results based upon the mode. For example, the x86 STR instruction retrieves the security state, but the value returned is based upon the particular requester's privilege level. This is problematic when attempting to virtualize different operating systems at different levels. For example, the x86 supports four rings of protection, where level 0 (the highest privilege) typically runs the operating system, levels 1 and 2 support operating system services, and level 3 (the lowest level) supports applications. Hardware vendors have recognized this shortcoming (and others), and have produced new designs that support and accelerate virtualization.

Page 44:

Hardware support for full virtualization and paravirtualization

• Intel is producing new virtualization technology that will support hypervisors for both the x86 (VT-x) and Itanium® (VT-i) architectures.

• The VT-x supports two new forms of operation:
  – one for the VMM (root)
  – one for guest operating systems (non-root).

• The root form is fully privileged, while the non-root form is deprivileged (even for ring 0).

• The architecture also supports flexibility in defining the instructions that cause a VM (guest operating system) to exit to the VMM and store off processor state. Other capabilities have been added

Page 45:

Hardware support for full virtualization and paravirtualization

• AMD is also producing hardware-assisted virtualization technology, under the name Pacifica.

• Among other things, Pacifica maintains a control block for guest operating systems that are saved on execution of special instructions.

• The VMRUN instruction allows a virtual machine (and its associated guest operating system) to run until the VMM regains control (which is also configurable). The configurability allows the VMM to customize the privileges for each of the guests.

• Pacifica also amends address translation with host and guest memory management unit (MMU) tables.

Page 46:

Linux KVM (Kernel Virtual Machine)

• The most recent news out of Linux is the incorporation of the KVM into the Linux kernel (2.6.20).

• KVM is a full virtualization solution that is unique in that it turns a Linux kernel into a hypervisor using a kernel module.

• This module allows other guest operating systems to then run in user-space of the host Linux kernel (see Figure in the next slide).

• The KVM module in the kernel exposes the virtualized hardware through the /dev/kvm character device.

• The guest operating system interfaces to the KVM module using a modified QEMU process for PC hardware emulation.
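Added example, not part of the original slides: a Python check of the two prerequisites named above, the CPU extension (Linux reports Intel VT-x as the `vmx` flag and AMD Pacifica as `svm` in /proc/cpuinfo) and a usable /dev/kvm character device, probed with the KVM_GET_API_VERSION ioctl. The cpuinfo excerpts are constructed, and the function names and state strings are assumptions made for the illustration.

```python
"""Check the prerequisites for KVM: CPU virtualization support and /dev/kvm."""
import fcntl
import os

# ioctl request from <linux/kvm.h>: _IO(KVMIO, 0x00) with KVMIO = 0xAE.
KVM_GET_API_VERSION = (0xAE << 8) | 0x00
KVM_STABLE_API = 12  # the stable API version; other values should be refused

# Constructed /proc/cpuinfo excerpts, trimmed to the fields used here.
CPUINFO_VTX = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx est tm2 ssse3
processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx est tm2 ssse3
"""
# A guest without nested virtualization: the extension flag is hidden from it.
CPUINFO_GUEST = """\
processor\t: 0
vendor_id\t: AuthenticAMD
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor lahf_lm
"""


def virt_extension(cpuinfo_text):
    """Return 'vmx' or 'svm' only if every logical CPU reports the same flag."""
    per_cpu = []
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            flags = set(value.split())
            per_cpu.append("vmx" if "vmx" in flags
                           else "svm" if "svm" in flags else None)
    if not per_cpu or any(ext != per_cpu[0] for ext in per_cpu):
        return None
    return per_cpu[0]


def kvm_api_version(path="/dev/kvm"):
    """Open the KVM device and ask for its API version; None if unusable."""
    try:
        fd = os.open(path, os.O_RDWR | os.O_CLOEXEC)
    except OSError:
        return None      # module not loaded, or caller lacks access to the device
    try:
        return fcntl.ioctl(fd, KVM_GET_API_VERSION)
    except OSError:
        return None      # the path is not a KVM device
    finally:
        os.close(fd)


def assess(cpuinfo_text, api_version):
    """Combine both checks into (extension, state)."""
    ext = virt_extension(cpuinfo_text)
    if ext is None:
        return (None, "no-hw-virt")
    if api_version is None:
        return (ext, "kvm-unavailable")
    if api_version != KVM_STABLE_API:
        return (ext, "kvm-api-mismatch")
    return (ext, "kvm-ready")


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = CPUINFO_VTX   # fall back to the constructed sample
    print(assess(text, kvm_api_version()))
```

Whoever can open /dev/kvm read-write can create virtual machines on the host, so the owner, group and mode of that device node belong in any host hardening review.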

Page 47:

Linux KVM (Kernel Virtual Machine)

Page 48:

Linux KVM (Kernel Virtual Machine)

• The KVM module introduces a new execution mode into the kernel. Where vanilla kernels support kernel mode and user mode, the KVM introduces a guest mode. The guest mode is used to execute all non-I/O guest code, where normal user mode supports I/O for guests.

• The introduction of the KVM is an interesting evolution of Linux, as it represents the first virtualization technology that is part of the mainline Linux kernel. It exists in the 2.6.20 tree, but can be used as a kernel module for the 2.6.19 kernel. When run on hardware that supports virtualization, Linux (32- and 64-bit) and Windows (32-bit) guests are supported.

Page 49:

Virtualization Examples

• Server consolidation - Virtual machines are used to consolidate many physical servers into fewer servers, which in turn host virtual machines. Each physical server is reflected as a virtual machine "guest" residing on a virtual machine host system. This is also known as Physical-to-Virtual or 'P2V' transformation.

Page 50:

Virtualization Examples

• Disaster recovery - Virtual machines can be used as "hot standby" environments for physical production servers. This changes the classical "backup-and-restore" philosophy, by providing backup images that can "boot" into live virtual machines, capable of taking over workload for a production server experiencing an outage.

Page 51:

Virtualization Examples

• Testing and training - Hardware virtualization can give root access to a virtual machine. This can be very useful, for example in kernel development and operating system courses.

Page 52:

Virtualization Examples

• Portable applications - The Microsoft Windows platform has a well-known issue involving the creation of portable applications, needed (for example) when running an application from a removable drive, without installing it on the system's main disk drive. This is a particular issue with USB drives. Virtualization can be used to encapsulate the application with a redirection layer that stores temporary files, Windows Registry entries, and other state information in the application's installation directory – and not within the system's permanent file system. See portable applications for further details. It is unclear whether such implementations are currently available.

Page 53:

Virtualization Examples

• Portable workspaces - Recent technologies have used virtualization to create portable workspaces on devices like iPods and USB memory sticks. These products include:
  – Application Level – Thinstall – which is a driver-less solution for running "Thinstalled" applications directly from removable storage without system changes or needing Admin rights
  – OS-level – MojoPac, Ceedo, and U3 – which allows end users to install some applications onto a storage device for use on another PC.
  – Machine-level – moka5 and LivePC – which delivers an operating system with a full software suite, including isolation and security protections.

Page 54:

Server Virtualization

• Server virtualization is used to describe many different technologies and approaches to abstract operating systems from hardware.

• Server virtualization presents a virtual view of hardware to an operating system to allow multiple operating systems to share the same physical resource in complete isolation from each other.

Page 55:

Server Virtualization

• The key benefits of virtualization are:
  – Isolation: A virtual server’s state is unaffected by the state of other virtual servers on the same physical hardware.
  – Encapsulation: The state of a virtual server can be captured and files representing a virtual server are portable.
  – Hardware-independence: Virtual hardware does not have to be identical to the underlying physical hardware.

Page 56:

X86 Virtualization

• The x86 architecture was not originally designed for virtualization.

• This created tradeoffs in early server virtualization implementations in terms of both performance and complexity.

• Historically there have been two approaches to virtualizing the x86 architecture:
  – binary patching
  – paravirtualization.

• Although both approaches create the illusion of physical hardware to achieve the goal of operating system independence from the hardware, there are significant differences between the approaches.

Page 57:

X86 Virtualization

• Full virtualization with binary patching rewrites, at run time, x86 instructions that cannot be trapped and converts them into a series of instructions that can be trapped and virtualized. Full virtualization is capable of running existing, legacy operating systems without modifications; however, it has significant costs in complexity and runtime performance.

X86 Virtualization

• Paravirtualization modifies an operating system to replace non-trappable x86 instructions with a series of calls directly into a hypervisor (a virtual machine monitor). It achieves high performance with less complexity in the virtualization layer but requires the guest operating system to be substantially modified and tied to a particular version of the hypervisor.
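The difference between the two approaches, as an added example that is not part of the original slides: a toy model of a guest kernel running deprivileged in ring 3, where `cli`/`sti` fault and can be trapped but `popf` silently ignores the interrupt-flag change. The class and function names and the `hypercall` pseudo-instruction are hypothetical; the instruction streams are constructed.

```python
# Toy model (constructed, hypothetical names): a guest kernel deprivileged to ring 3.
PRIVILEGED = {"cli", "sti"}     # fault (#GP) in ring 3 when CPL > IOPL, so the VMM can trap them
SENSITIVE_NO_TRAP = {"popf"}    # in ring 3 the IF change is silently dropped: no fault, no trap

class VMM:
    """Tracks the guest's virtual interrupt flag (IF) and counts entries into the VMM."""
    def __init__(self):
        self.virtual_if = True
        self.traps = 0

    def emulate(self, op, arg=None):
        self.traps += 1
        if op == "cli":
            self.virtual_if = False
        elif op == "sti":
            self.virtual_if = True
        elif op == "popf":
            self.virtual_if = bool(arg)   # arg = IF bit of the flags image being restored

def run_deprivileged(code, vmm):
    """Direct execution: only faulting instructions and explicit calls reach the VMM."""
    for op, arg in code:
        if op == "hypercall":
            vmm.emulate(*arg)             # explicit call into the hypervisor
        elif op in PRIVILEGED:
            vmm.emulate(op, arg)          # hardware fault, then trap-and-emulate
        # everything else, including popf, runs natively and the VMM sees nothing
    return vmm.virtual_if

def binary_patch(code):
    """Run-time rewrite: swap each non-trappable instruction for a trapping call."""
    return [("hypercall", (op, arg)) if op in SENSITIVE_NO_TRAP else (op, arg)
            for op, arg in code]

# Unmodified guest: disable interrupts, do work, restore flags with IF=1.
GUEST = [("cli", None), ("mov", None), ("popf", 1)]
# Paravirtualized guest: the same logic, with the kernel source changed to call the hypervisor.
PARAVIRT_GUEST = [("hypercall", ("cli", None)), ("mov", None), ("hypercall", ("popf", 1))]

if __name__ == "__main__":
    print("unpatched  :", run_deprivileged(GUEST, VMM()))                # virtual IF stuck off
    print("patched    :", run_deprivileged(binary_patch(GUEST), VMM()))  # virtual IF restored
    print("paravirtual:", run_deprivileged(PARAVIRT_GUEST, VMM()))       # virtual IF restored
```

In the unpatched run the guest believes interrupts are enabled again while the hypervisor's view says they are off, which is the state divergence both approaches exist to prevent.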

Virtual Infrastructure

• All data center resources can be virtualized to create a Virtual Infrastructure. The components described in the chart below provide the foundation to create virtual servers. A virtual server consists of 32- or 64-bit CPUs, memory, disks, network adapters, fibre channel adapters, keyboard, video, and mouse. A virtual server can run standard Linux and Windows operating systems and applications.

Virtual Infrastructure

| Physical Resource | Virtual Infrastructure |
|---|---|
| Industry standard Intel and AMD servers upon which the virtualization layer is automatically deployed | A Virtualized Node consists of a collection of CPUs and RAM that can be allocated to a virtual server |
| Each server can have multiple gigabit Ethernet cards (NICs) to provide required throughput and availability | Virtual servers connect through virtual NICs to physical or virtual networks |
| iSCSI, SAN and NAS storage technologies are used for reliable persistent storage | A collection of storage resources can be partitioned and allocated to virtual servers using raw mappings or virtual hard disks |

Virtualization Tips

• In the VMware space, VirtualCenter is the management tool of choice for ESX Server.

• Other products, like Hewlett-Packard's Virtual Machine Management or IBM's Director modules, are adding functionality to deal with virtual machine [VM] environments.

• The problem is that most of these tools that are snap-ins lack much of the simple functionality you get in VirtualCenter.

• Most companies will end up buying both VirtualCenter and the vendor's tool and use both depending on what they are doing.

Virtualization Tips

• Shy away from large amounts of processing when doing consolidation.

• If you are doing virtualization for other reasons, like workload management, then you can get nearly anything to run virtualized if you are willing to change some of the things you do.

• However, if you are looking for maximum consolidation ratios and high ROIs, stay away from the quad boxes that are already running at 50%.

Security Tips

• Apply at least some standard minimum security:

– Disable remote root access

– Use sudo when needed

– Configure the AD PAM modules for Windows shops.
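One way to check the "disable remote root access" item on a host console, as an added example that is not part of the original slides: an audit of an OpenSSH `sshd_config` that applies sshd's rule that the first value obtained for a keyword wins and that `Match` blocks can override the global setting. The function names and the sample configuration are constructed; `Include` files are not followed.

```python
import re

# Constructed sample resembling a host console sshd_config; not from the original page.
SAMPLE = """\
# Management console SSH settings
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
Match User backup
    X11Forwarding no
"""

def audit_root_login(text):
    """Return (effective global PermitRootLogin, [(match criteria, value)] that re-allow root)."""
    global_value = None
    block = None                  # None = global section, otherwise the Match criteria
    seen_in_block = False
    risky_blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)   # tolerate "key value" and "key=value"
        key = parts[0].lower()                           # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            block, seen_in_block = value, False
        elif key == "permitrootlogin":
            if block is None:
                if global_value is None:                 # first obtained value wins
                    global_value = value
            elif not seen_in_block:
                seen_in_block = True
                if value != "no":                        # anything but a literal "no" is reported
                    risky_blocks.append((block, value))
    return global_value, risky_blocks

def is_compliant(text):
    """Compliant only if root login is explicitly 'no' globally and no Match block re-enables it."""
    value, risky = audit_root_login(text)
    return value == "no" and not risky

if __name__ == "__main__":
    print(audit_root_login(SAMPLE), is_compliant(SAMPLE))
```

An unset keyword is treated as a finding because the built-in default for `PermitRootLogin` differs between OpenSSH versions.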

Security Tips

• Some organizations use too much surrounding security and end up making their environment slower, more difficult and expensive to manage.

• When dealing with the VMs, all of the standard procedures should be followed.

• The host systems themselves should often be considered appliances, and organizations should limit the amount of customized agents and security hacks performed on these systems.

Security Tips

• One should not go overboard with ESX hosts, since they are basically appliances serving up computing resources and should be treated as such. Nevertheless, taking a common sense approach to security on the servers is the best bet.

• The most common mistakes made with virtual security are based on ignorance, lack of knowledge of the Linux console, and failure to understand how virtual switch architecture works and what the host does not directly see of the data in the VM disk files.

Security Tips

• The same practices that are performed to secure a physical environment can, and should, be used in a virtual environment as well.

• Everything from proper VLAN/firewall organization to host-based intrusion detection should be leveraged to keep the environment secure.

Scalability Tips

• Simplicity. The more complicated the design and infrastructure, the less scalable it will be.

– For example, a common mistake in large organizations is that they assume they cannot create a simple solution because they are big. One can argue that they should make the solution or design for VMware as simple as possible to make it scalable for the size of their organization and largest client base.

• Don't design the entire solution around the one-offs.

Scalability Tips

• When designing a virtual infrastructure, one should never look at the environment and try to plan one large infrastructure for the entire virtualization project. It won’t work.

• Organize the overall environment into smaller groupings of servers and address them individually.

• When approached this way, at the end of the project, a very scalable deployment methodology that uses the same principles with a manageable number of servers in various phases of the project will be in place.